Zohocorp Manageengine Servicedesk Plus Msp — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Servicedesk Plus Msp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2021-44675 — CVSS 9.8 (critical): Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter…
CVE-2023-22964 — CVSS 9.1 (critical): Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication…
CVE-2022-40773 — CVSS 8.8 (high): Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows…
CVE-2024-38869 — CVSS 8.3 (high): Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue…
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2022-35403 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an…
CVE-2023-26601 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus…
CVE-2022-32551 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or…
CVE-2021-31160 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVE-2022-40770 — CVSS 7.2 (high): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by…
CVE-2025-3444 — CVSS 6.5 (medium): Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion…
CVE-2022-40772 — CVSS 6.5 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive…
CVE-2023-26600 — CVSS 6.5 (medium): ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer…
CVE-2024-41150 — CVSS 6.3 (medium): An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and…
CVE-2024-50053 — CVSS 6.3 (medium): Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2023-34197 — CVSS 5.4 (medium): Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege…
CVE-2023-49943 — CVSS 5.4 (medium): Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet.
CVE-2021-31159 — CVSS 5.3 (medium): Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the…
CVE-2022-40771 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information…
CVE-2023-29443 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer…
CVE-2024-27314 — CVSS 2.4 (low): Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable…