Zohocorp Manageengine Supportcenter Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Supportcenter Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2022-36412 — CVSS 9.8 (critical): In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in…
CVE-2023-23076 — CVSS 9.8 (critical): OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules.
CVE-2022-40773 — CVSS 8.8 (high): Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows…
CVE-2024-38869 — CVSS 8.3 (high): Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue…
CVE-2023-35785 — CVSS 8.1 (high): Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2023-26601 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus…
CVE-2021-43296 — CVSS 7.5 (high): Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.
CVE-2022-35403 — CVSS 7.5 (high): Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an…
CVE-2022-40770 — CVSS 7.2 (high): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by…
CVE-2025-3444 — CVSS 6.5 (medium): Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion…
CVE-2022-40772 — CVSS 6.5 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive…
CVE-2023-26600 — CVSS 6.5 (medium): ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer…
CVE-2024-41150 — CVSS 6.3 (medium): An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and…
CVE-2021-43295 — CVSS 6.1 (medium): Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVE-2021-43294 — CVSS 6.1 (medium): Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVE-2018-16965 — CVSS 6.1 (medium): In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2015-5149 — CVSS 5.5 (medium): Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary…
CVE-2023-34197 — CVSS 5.4 (medium): Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege…
CVE-2023-38331 — CVSS 5.4 (medium): Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.
CVE-2014-100002 — CVSS 5.0 (medium): Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a…
CVE-2022-40771 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information…
CVE-2023-29443 — CVSS 4.9 (medium): Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer…
CVE-2015-0866 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers…
CVE-2015-5150 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject…
CVE-2022-42903 — CVSS 3.3 (low): Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
CVE-2024-27314 — CVSS 2.4 (low): Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable…