Vulnerabilites related to ManageEngine - SupportCenter Plus
cve-2024-41150
Vulnerability from cvelistv5
Published
2024-08-23 14:08
Modified
2024-08-23 14:38
Severity ?
EPSS score ?
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | ServiceDesk Plus |
Version: 0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41150", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T14:38:04.957325Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-23T14:38:15.256Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "ServiceDesk Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14810", status: "affected", version: "0", versionType: "14810", }, ], }, { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "ServiceDesk Plus MSP", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14800", status: "affected", version: "0", versionType: "14810", }, ], }, { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "SupportCenter Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14800", status: "affected", version: "0", versionType: "14810", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp <span style=\"background-color: rgb(255, 255, 255);\">ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.</span><p>This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.</p>", }, ], value: "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-23T14:15:04.852Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "ManageEngine", }, references: [ { url: "https://www.manageengine.com/products/service-desk/CVE-2024-41150.html", }, ], source: { discovery: "UNKNOWN", }, title: "Stored XSS", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "ManageEngine", cveId: "CVE-2024-41150", datePublished: "2024-08-23T14:08:17.169Z", dateReserved: "2024-07-16T07:03:21.737Z", dateUpdated: "2024-08-23T14:38:15.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }