Zohocorp Servicedesk Plus — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Servicedesk Plus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2016-4889 — CVSS 8.8 (high): ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to…
CVE-2019-10008 — CVSS 8.8 (high): Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically…
CVE-2015-1479 — CVSS 6.5 (medium): SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows…
CVE-2016-4888 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web…
CVE-2016-4890 — CVSS 5.3 (medium): ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain…