Vulnerabilites related to zohocorp - manageengine_servicedesk_plus
cve-2017-9376
Vulnerability from cvelistv5
Published
2019-03-25 15:53
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.integrity.pt/advisories/cve-2017-9376/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107558 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:02:44.375Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://labs.integrity.pt/advisories/cve-2017-9376/", }, { name: "107558", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107558", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-19T00:00:00", descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-26T06:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://labs.integrity.pt/advisories/cve-2017-9376/", }, { name: "107558", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107558", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9376", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://labs.integrity.pt/advisories/cve-2017-9376/", refsource: "MISC", url: "https://labs.integrity.pt/advisories/cve-2017-9376/", }, { name: "107558", refsource: "BID", url: "http://www.securityfocus.com/bid/107558", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9376", datePublished: "2019-03-25T15:53:20", dateReserved: "2017-06-02T00:00:00", dateUpdated: "2024-08-05T17:02:44.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14048
Vulnerability from cvelistv5
Published
2020-06-12 01:41
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://gitlab.com/eLeN3Re/CVE-2020-14048 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-14048", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-06-15T04:09:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-14048", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14048", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { name: "https://gitlab.com/eLeN3Re/CVE-2020-14048", refsource: "MISC", url: "https://gitlab.com/eLeN3Re/CVE-2020-14048", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14048", datePublished: "2020-06-12T01:41:42", dateReserved: "2020-06-12T00:00:00", dateUpdated: "2024-08-04T12:32:14.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-10273
Vulnerability from cvelistv5
Published
2019-04-04 15:36
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x445.github.io/CVE-2019-10273/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46674/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T22:17:19.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://0x445.github.io/CVE-2019-10273/", }, { name: "46674", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46674/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-03-30T00:00:00", descriptions: [ { lang: "en", value: "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-08T20:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://0x445.github.io/CVE-2019-10273/", }, { name: "46674", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46674/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-10273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://0x445.github.io/CVE-2019-10273/", refsource: "MISC", url: "https://0x445.github.io/CVE-2019-10273/", }, { name: "46674", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46674/", }, { name: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-10273", datePublished: "2019-04-04T15:36:47", dateReserved: "2019-03-29T00:00:00", dateUpdated: "2024-08-04T22:17:19.681Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6105
Vulnerability from cvelistv5
Published
2023-11-15 20:57
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | Service Desk Plus |
Version: 0 < 14304 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:21:17.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Service Desk Plus", vendor: "ManageEngine", versions: [ { lessThan: "14304", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Asset Explorer", vendor: "ManageEngine", versions: [ { lessThan: "7004", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unaffected", product: "Access Manager Plus", vendor: "ManageEngine", versions: [ { lessThan: "14304", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.<br>", }, ], value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.", }, ], impacts: [ { capecId: "CAPEC-176", descriptions: [ { lang: "en", value: "CAPEC-176 Configuration/Environment Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-26T19:58:04.015Z", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { url: "https://www.tenable.com/security/research/tra-2023-35", }, { url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, ], source: { discovery: "UNKNOWN", }, title: "ManageEngine Information Disclosure in Multiple Products", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2023-6105", datePublished: "2023-11-15T20:57:47.981Z", dateReserved: "2023-11-13T15:10:28.339Z", dateUpdated: "2025-02-13T17:26:03.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12133
Vulnerability from cvelistv5
Published
2019-06-18 21:27
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html | x_refsource_CONFIRM | |
| https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:10:30.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-04-30T00:00:00", descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-18T18:00:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12133", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", }, { name: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", refsource: "MISC", url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12133", datePublished: "2019-06-18T21:27:25", dateReserved: "2019-05-15T00:00:00", dateUpdated: "2024-08-04T23:10:30.563Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8394
Vulnerability from cvelistv5
Published
2019-02-17 04:00
Modified
2025-02-04 20:23
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46413/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/107129 | vdb-entry, x_refsource_BID | |
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:17:31.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "46413", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46413/", }, { name: "107129", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107129", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2019-8394", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T20:23:35.077619Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8394", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T20:23:40.216Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-16T00:00:00.000Z", descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-25T10:57:01.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "46413", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46413/", }, { name: "107129", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107129", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-8394", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "46413", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46413/", }, { name: "107129", refsource: "BID", url: "http://www.securityfocus.com/bid/107129", }, { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8394", datePublished: "2019-02-17T04:00:00.000Z", dateReserved: "2019-02-16T00:00:00.000Z", dateUpdated: "2025-02-04T20:23:40.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23077
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-03-27 14:20
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:39.691Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-23077", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T14:19:54.127217Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:20:01.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-22T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-23077", datePublished: "2023-02-01T00:00:00.000Z", dateReserved: "2023-01-11T00:00:00.000Z", dateUpdated: "2025-03-27T14:20:01.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15046
Vulnerability from cvelistv5
Published
2019-08-14 14:51
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html#10509 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://seclists.org/bugtraq/2019/Aug/37 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:53.099Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html#10509", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/37", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T22:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html#10509", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/37", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15046", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html#10509", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html#10509", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { name: "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/37", }, { name: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15046", datePublished: "2019-08-14T14:51:40", dateReserved: "2019-08-14T00:00:00", dateUpdated: "2024-08-05T00:34:53.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40771
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.554Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40771", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-09-18T00:00:00", dateUpdated: "2024-08-03T12:28:42.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46065
Vulnerability from cvelistv5
Published
2022-01-27 15:29
Modified
2024-08-04 05:02
Severity ?
EPSS score ?
Summary
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:02:10.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-27T15:32:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-46065", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { name: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", refsource: "MISC", url: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46065", datePublished: "2022-01-27T15:29:46", dateReserved: "2022-01-03T00:00:00", dateUpdated: "2024-08-04T05:02:10.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40770
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.680Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40770", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-09-18T00:00:00", dateUpdated: "2024-08-03T12:28:42.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-50053
Vulnerability from cvelistv5
Published
2025-03-21 06:01
Modified
2025-04-03 13:04
Severity ?
EPSS score ?
Summary
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | ServiceDesk Plus |
Version: 0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-50053", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-21T13:58:06.843899Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-03T13:04:53.410Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "ServiceDesk Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14910", status: "affected", version: "0", versionType: "14910", }, ], }, { collectionURL: "https://www.manageengine.com/products/service-desk-msp/", defaultStatus: "unaffected", product: "ServiceDesk Plus MSP", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14900", status: "affected", version: "0", versionType: "14900", }, ], }, { collectionURL: "https://www.manageengine.com/products/support-center/", defaultStatus: "unaffected", product: "SupportCentre Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14900", status: "affected", version: "0", versionType: "14900", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Dinh Vu", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Zohocorp ManageEngine ServiceDesk Plus versions <span style=\"background-color: rgb(255, 255, 255);\">below <span style=\"background-color: rgb(255, 255, 255);\">14920</span></span> , ServiceDesk Plus MSP and SupportCentre Plus versions below <span style=\"background-color: rgb(255, 255, 255);\">14910 are vulnerable to Stored XSS in the task feature.</span>", }, ], value: "Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-21T06:01:39.945Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "Zohocorp", }, references: [ { url: "https://www.manageengine.com/products/service-desk/CVE-2024-50053.html", }, ], source: { discovery: "EXTERNAL", }, title: "Stored XSS", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "Zohocorp", cveId: "CVE-2024-50053", datePublished: "2025-03-21T06:01:39.945Z", dateReserved: "2024-11-07T11:25:31.918Z", dateUpdated: "2025-04-03T13:04:53.410Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35785
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:45.335Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T18:56:34.893304", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-35785", datePublished: "2023-08-28T00:00:00", dateReserved: "2023-06-16T00:00:00", dateUpdated: "2024-08-02T16:30:45.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15083
Vulnerability from cvelistv5
Published
2020-05-14 13:45
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/48473 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:34:53.239Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.exploit-db.com/exploits/48473", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home > Server > <workstation> > software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-15T18:28:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.exploit-db.com/exploits/48473", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15083", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home > Server > <workstation> > software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", }, { name: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", }, { name: "https://www.exploit-db.com/exploits/48473", refsource: "MISC", url: "https://www.exploit-db.com/exploits/48473", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15083", datePublished: "2020-05-14T13:45:08", dateReserved: "2019-08-15T00:00:00", dateUpdated: "2024-08-05T00:34:53.239Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20081
Vulnerability from cvelistv5
Published
2021-06-10 11:01
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-22 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ServiceDesk Plus |
Version: Before 11205 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-22", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ManageEngine ServiceDesk Plus", vendor: "n/a", versions: [ { status: "affected", version: "Before 11205", }, ], }, ], descriptions: [ { lang: "en", value: "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.", }, ], problemTypes: [ { descriptions: [ { description: "Incomplete List of Disallowed Inputs leading to Authenticated Remote Command Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-10T11:01:56", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-22", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20081", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ManageEngine ServiceDesk Plus", version: { version_data: [ { version_value: "Before 11205", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Incomplete List of Disallowed Inputs leading to Authenticated Remote Command Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-22", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-22", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20081", datePublished: "2021-06-10T11:01:56", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44077
Vulnerability from cvelistv5
Published
2021-11-29 03:17
Modified
2025-02-04 19:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:10:17.351Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-44077", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:30:45.713677Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-01", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44077", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:30:56.317Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-28T18:06:08.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", }, { tags: [ "x_refsource_MISC", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-44077", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", }, { name: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", refsource: "MISC", url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", }, { name: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-44077", datePublished: "2021-11-29T03:17:45.000Z", dateReserved: "2021-11-20T00:00:00.000Z", dateUpdated: "2025-02-04T19:30:56.317Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12543
Vulnerability from cvelistv5
Published
2019-06-05 14:15
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12543 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/CVE-2019-12543", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-05T14:15:54", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/CVE-2019-12543", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12543", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/CVE-2019-12543", refsource: "MISC", url: "https://github.com/tarantula-team/CVE-2019-12543", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12543", datePublished: "2019-06-05T14:15:54", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-44526
Vulnerability from cvelistv5
Published
2021-12-23 14:57
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:25:16.449Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T14:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-44526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-44526", datePublished: "2021-12-23T14:57:02", dateReserved: "2021-12-02T00:00:00", dateUpdated: "2024-08-04T04:25:16.449Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12542
Vulnerability from cvelistv5
Published
2019-06-05 14:25
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12542 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.420Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/CVE-2019-12542", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-05T14:25:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/CVE-2019-12542", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12542", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/CVE-2019-12542", refsource: "MISC", url: "https://github.com/tarantula-team/CVE-2019-12542", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12542", datePublished: "2019-06-05T14:25:33", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12189
Vulnerability from cvelistv5
Published
2019-05-21 17:30
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tuyenhva/CVE-2019-12189 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:10:30.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tuyenhva/CVE-2019-12189", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-23T17:06:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tuyenhva/CVE-2019-12189", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12189", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tuyenhva/CVE-2019-12189", refsource: "MISC", url: "https://github.com/tuyenhva/CVE-2019-12189", }, { name: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12189", datePublished: "2019-05-21T17:30:14", dateReserved: "2019-05-19T00:00:00", dateUpdated: "2024-08-04T23:10:30.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12541
Vulnerability from cvelistv5
Published
2019-06-05 14:36
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12541 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.669Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/CVE-2019-12541", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-05T14:36:03", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/CVE-2019-12541", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12541", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/CVE-2019-12541", refsource: "MISC", url: "https://github.com/tarantula-team/CVE-2019-12541", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12541", datePublished: "2019-06-05T14:36:03", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.669Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26601
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 15:21
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:53:53.556Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-26601", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:20:44.480495Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-06T15:21:03.205Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-06T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26601", datePublished: "2023-03-06T00:00:00.000Z", dateReserved: "2023-02-26T00:00:00.000Z", dateUpdated: "2025-03-06T15:21:03.205Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-37415
Vulnerability from cvelistv5
Published
2021-09-01 05:29
Modified
2025-02-03 15:47
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:16:04.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2021-37415", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-14T21:13:15.974037Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-12-01", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37415", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T15:47:17.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-01T05:29:11.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-37415", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com", refsource: "MISC", url: "https://www.manageengine.com", }, { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-37415", datePublished: "2021-09-01T05:29:11.000Z", dateReserved: "2021-07-23T00:00:00.000Z", dateUpdated: "2025-02-03T15:47:17.612Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15045
Vulnerability from cvelistv5
Published
2019-08-21 18:26
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/17 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | x_refsource_MISC |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2019-15045", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-18T20:43:22.718803Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T20:43:30.010Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-05T00:34:53.183Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-21T22:06:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-15045", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "http://seclists.org/fulldisclosure/2019/Aug/17", refsource: "MISC", url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { name: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-15045", datePublished: "2019-08-21T18:26:18", dateReserved: "2019-08-14T00:00:00", dateUpdated: "2024-08-05T00:34:53.183Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-6843
Vulnerability from cvelistv5
Published
2020-01-23 13:34
Modified
2024-08-04 09:11
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sec-consult.com/en/vulnerability-lab/advisories/index.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Jan/32 | mailing-list, x_refsource_FULLDISC | |
| https://seclists.org/bugtraq/2020/Jan/34 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:11:05.153Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2020/Jan/32", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2020/Jan/34", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-24T19:41:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2020/Jan/32", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2020/Jan/34", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-6843", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", refsource: "MISC", url: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2020/Jan/32", }, { name: "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2020/Jan/34", }, { name: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", }, { name: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-6843", datePublished: "2020-01-23T13:34:01", dateReserved: "2020-01-11T00:00:00", dateUpdated: "2024-08-04T09:11:05.153Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-7248
Vulnerability from cvelistv5
Published
2018-05-11 14:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104287 | vdb-entry, x_refsource_BID | |
| https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0 | x_refsource_MISC | |
| https://gitlab.com/e-sterling/cve-2018-7248 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T06:24:11.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "104287", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104287", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/e-sterling/cve-2018-7248", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-05-08T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "104287", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104287", }, { tags: [ "x_refsource_MISC", ], url: "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/e-sterling/cve-2018-7248", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-7248", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "104287", refsource: "BID", url: "http://www.securityfocus.com/bid/104287", }, { name: "https://medium.com/@esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", refsource: "MISC", url: "https://medium.com/@esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", }, { name: "https://gitlab.com/e-sterling/cve-2018-7248", refsource: "MISC", url: "https://gitlab.com/e-sterling/cve-2018-7248", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-7248", datePublished: "2018-05-11T14:00:00", dateReserved: "2018-02-19T00:00:00", dateUpdated: "2024-08-05T06:24:11.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31160
Vulnerability from cvelistv5
Published
2021-06-29 13:10
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | x_refsource_CONFIRM | |
| https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:52.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-01T12:24:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", }, { tags: [ "x_refsource_MISC", ], url: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-31160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", }, { name: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", refsource: "MISC", url: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31160", datePublished: "2021-06-29T13:10:16", dateReserved: "2021-04-14T00:00:00", dateUpdated: "2024-08-03T22:55:52.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12540
Vulnerability from cvelistv5
Published
2019-07-11 13:15
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-11T13:15:36", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12540", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", refsource: "MISC", url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12540", datePublished: "2019-07-11T13:15:36", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12539
Vulnerability from cvelistv5
Published
2019-07-11 13:16
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:39.129Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-11T13:16:35", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12539", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", refsource: "MISC", url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12539", datePublished: "2019-07-11T13:16:35", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:39.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12538
Vulnerability from cvelistv5
Published
2019-06-05 14:40
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12538 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tarantula-team/CVE-2019-12538", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-06-05T14:40:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tarantula-team/CVE-2019-12538", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12538", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tarantula-team/CVE-2019-12538", refsource: "MISC", url: "https://github.com/tarantula-team/CVE-2019-12538", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12538", datePublished: "2019-06-05T14:40:41", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.611Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13154
Vulnerability from cvelistv5
Published
2020-05-18 21:38
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://gitlab.com/eLeN3Re/CVE-2020-13154 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:11:19.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-13154", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-19T12:16:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-13154", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-13154", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { name: "https://gitlab.com/eLeN3Re/CVE-2020-13154", refsource: "MISC", url: "https://gitlab.com/eLeN3Re/CVE-2020-13154", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-13154", datePublished: "2020-05-18T21:38:13", dateReserved: "2020-05-18T00:00:00", dateUpdated: "2024-08-04T12:11:19.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25245
Vulnerability from cvelistv5
Published
2022-04-05 18:27
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/cve-2022-25245.html | x_refsource_CONFIRM | |
| https://raxis.com/blog/cve-2022-25245 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://raxis.com/blog/cve-2022-25245", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-07T20:01:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://manageengine.com", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", }, { tags: [ "x_refsource_MISC", ], url: "https://raxis.com/blog/cve-2022-25245", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25245", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://manageengine.com", refsource: "MISC", url: "https://manageengine.com", }, { name: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", }, { name: "https://raxis.com/blog/cve-2022-25245", refsource: "MISC", url: "https://raxis.com/blog/cve-2022-25245", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25245", datePublished: "2022-04-05T18:27:38", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.533Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12252
Vulnerability from cvelistv5
Published
2019-05-21 17:24
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tuyenhva/CVE-2019-12252 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108456 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:38.211Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/tuyenhva/CVE-2019-12252", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", }, { name: "108456", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/108456", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-05-27T07:06:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/tuyenhva/CVE-2019-12252", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", }, { name: "108456", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/108456", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12252", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/readme.html", }, { name: "https://github.com/tuyenhva/CVE-2019-12252", refsource: "MISC", url: "https://github.com/tuyenhva/CVE-2019-12252", }, { name: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", }, { name: "108456", refsource: "BID", url: "http://www.securityfocus.com/bid/108456", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12252", datePublished: "2019-05-21T17:24:18", dateReserved: "2019-05-21T00:00:00", dateUpdated: "2024-08-04T23:17:38.211Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-26600
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2025-03-06 15:23
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:53:54.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-26600", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:21:57.870213Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-06T15:23:20.089Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-06T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-26600", datePublished: "2023-03-06T00:00:00.000Z", dateReserved: "2023-02-26T00:00:00.000Z", dateUpdated: "2025-03-06T15:23:20.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41150
Vulnerability from cvelistv5
Published
2024-08-23 14:08
Modified
2024-08-23 14:38
Severity ?
EPSS score ?
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | ServiceDesk Plus |
Version: 0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-41150", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T14:38:04.957325Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-23T14:38:15.256Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "ServiceDesk Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14810", status: "affected", version: "0", versionType: "14810", }, ], }, { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "ServiceDesk Plus MSP", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14800", status: "affected", version: "0", versionType: "14810", }, ], }, { collectionURL: "https://www.manageengine.com/products/service-desk/", defaultStatus: "unaffected", product: "SupportCenter Plus", vendor: "ManageEngine", versions: [ { lessThanOrEqual: "14800", status: "affected", version: "0", versionType: "14810", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp <span style=\"background-color: rgb(255, 255, 255);\">ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.</span><p>This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.</p>", }, ], value: "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-23T14:15:04.852Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "ManageEngine", }, references: [ { url: "https://www.manageengine.com/products/service-desk/CVE-2024-41150.html", }, ], source: { discovery: "UNKNOWN", }, title: "Stored XSS", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "ManageEngine", cveId: "CVE-2024-41150", datePublished: "2024-08-23T14:08:17.169Z", dateReserved: "2024-07-16T07:03:21.737Z", dateUpdated: "2024-08-23T14:38:15.256Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35682
Vulnerability from cvelistv5
Published
2021-03-13 18:18
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:09:14.694Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-13T18:18:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-35682", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-35682", datePublished: "2021-03-13T18:18:15", dateReserved: "2020-12-24T00:00:00", dateUpdated: "2024-08-04T17:09:14.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40772
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.922Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://manageengine.com", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://manageengine.com", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-40772", datePublished: "2022-11-23T00:00:00", dateReserved: "2022-09-18T00:00:00", dateUpdated: "2024-08-03T12:28:42.922Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-9362
Vulnerability from cvelistv5
Published
2019-03-25 15:54
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.integrity.pt/advisories/cve-2017-9362 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:02:44.347Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://labs.integrity.pt/advisories/cve-2017-9362", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-19T00:00:00", descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-25T15:54:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://labs.integrity.pt/advisories/cve-2017-9362", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-9362", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://labs.integrity.pt/advisories/cve-2017-9362", refsource: "MISC", url: "https://labs.integrity.pt/advisories/cve-2017-9362", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-9362", datePublished: "2019-03-25T15:54:17", dateReserved: "2017-06-02T00:00:00", dateUpdated: "2024-08-05T17:02:44.347Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29443
Vulnerability from cvelistv5
Published
2023-04-26 00:00
Modified
2025-02-03 19:08
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:46.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-29443", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-03T19:08:35.854169Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-611", description: "CWE-611 Improper Restriction of XML External Entity Reference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-03T19:08:40.668Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-26T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-29443", datePublished: "2023-04-26T00:00:00.000Z", dateReserved: "2023-04-06T00:00:00.000Z", dateUpdated: "2025-02-03T19:08:40.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23074
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-03-27 14:27
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-23074", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T14:26:56.993309Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:27:27.473Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-23074", datePublished: "2023-02-01T00:00:00.000Z", dateReserved: "2023-01-11T00:00:00.000Z", dateUpdated: "2025-03-27T14:27:27.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23073
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-03-27 14:29
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:39.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-23073", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T14:28:33.009415Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:29:08.008Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-14T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-23073", datePublished: "2023-02-01T00:00:00.000Z", dateReserved: "2023-01-11T00:00:00.000Z", dateUpdated: "2025-03-27T14:29:08.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34197
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-13 21:03
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:54.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34197", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T21:03:38.416283Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-13T21:03:43.380Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-34197", datePublished: "2023-07-07T00:00:00", dateReserved: "2023-05-30T00:00:00", dateUpdated: "2024-11-13T21:03:43.380Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8395
Vulnerability from cvelistv5
Published
2019-02-17 04:00
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:17:31.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-16T00:00:00", descriptions: [ { lang: "en", value: "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-02-17T04:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-8395", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8395", datePublished: "2019-02-17T04:00:00", dateReserved: "2019-02-16T00:00:00", dateUpdated: "2024-08-04T21:17:31.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-47966
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2024-09-13 17:58
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:02:36.652Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { tags: [ "x_transferred", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { tags: [ "x_transferred", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { tags: [ "x_transferred", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { tags: [ "x_transferred", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-47966", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-22T05:00:59.744032Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-01-23", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-13T17:58:23.660Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T19:33:35.401552", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { url: "https://github.com/horizon3ai/CVE-2022-47966", }, { url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-47966", datePublished: "2023-01-18T00:00:00", dateReserved: "2022-12-26T00:00:00", dateUpdated: "2024-09-13T17:58:23.660Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5799
Vulnerability from cvelistv5
Published
2018-03-30 13:00
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Mar/58 | mailing-list, x_refsource_FULLDISC | |
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:47:55.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20180327 ManageEngine Service Desk Plus < 9403 Cross-Site Scripting", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2018/Mar/58", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-21T00:00:00", descriptions: [ { lang: "en", value: "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-30T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20180327 ManageEngine Service Desk Plus < 9403 Cross-Site Scripting", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2018/Mar/58", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-5799", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20180327 ManageEngine Service Desk Plus < 9403 Cross-Site Scripting", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2018/Mar/58", }, { name: "https://www.manageengine.com/products/service-desk/readme.html", refsource: "CONFIRM", url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-5799", datePublished: "2018-03-30T13:00:00", dateReserved: "2018-01-19T00:00:00", dateUpdated: "2024-08-05T05:47:55.876Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38869
Vulnerability from cvelistv5
Published
2024-08-23 14:07
Modified
2024-08-30 18:47
Severity ?
EPSS score ?
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | Endpoint Central |
Version: 0 Version: 0 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "manageengine_endpoint_central", vendor: "zohocorp", versions: [ { lessThan: "11.3.2416.04", status: "affected", version: "0", versionType: "custom", }, { lessThan: "11.3.2400.25", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-38869", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-30T18:31:53.529114Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-30T18:47:26.580Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://www.manageengine.com/?pos=EndpointCentral", defaultStatus: "unaffected", product: "Endpoint Central", vendor: "ManageEngine", versions: [ { lessThan: "11.3.2416.04", status: "affected", version: "0", versionType: "11.3.2416.04", }, { lessThan: "11.3.2400.25", status: "affected", version: "0", versionType: "11.3.2400.25", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Zohocorp ManageEngine Endpoint Central affected by <span style=\"background-color: rgb(255, 255, 255);\">Incorrect authorization vulnerability in remote office deploy configurations.</span><p>This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.</p>", }, ], value: "Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T17:30:05.650Z", orgId: "0fc0942c-577d-436f-ae8e-945763c79b02", shortName: "ManageEngine", }, references: [ { url: "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html", }, ], source: { discovery: "UNKNOWN", }, title: "Incorrect Authorization", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "0fc0942c-577d-436f-ae8e-945763c79b02", assignerShortName: "ManageEngine", cveId: "CVE-2024-38869", datePublished: "2024-08-23T14:07:46.792Z", dateReserved: "2024-06-20T13:15:39.620Z", dateUpdated: "2024-08-30T18:47:26.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20080
Vulnerability from cvelistv5
Published
2021-04-09 17:21
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-11 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | ManageEngine ServiceDesk Plus |
Version: Before 11200 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.tenable.com/security/research/tra-2021-11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ManageEngine ServiceDesk Plus", vendor: "n/a", versions: [ { status: "affected", version: "Before 11200", }, ], }, { product: "ManageEngine AssetExplorer", vendor: "n/a", versions: [ { status: "affected", version: "Before 6800", }, ], }, ], descriptions: [ { lang: "en", value: "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.", }, ], problemTypes: [ { descriptions: [ { description: "Unauthenticated Stored Cross-site Scripting (XSS)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-04-09T17:21:07", orgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", shortName: "tenable", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.tenable.com/security/research/tra-2021-11", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vulnreport@tenable.com", ID: "CVE-2021-20080", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ManageEngine ServiceDesk Plus", version: { version_data: [ { version_value: "Before 11200", }, ], }, }, { product_name: "ManageEngine AssetExplorer", version: { version_data: [ { version_value: "Before 6800", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Unauthenticated Stored Cross-site Scripting (XSS)", }, ], }, ], }, references: { reference_data: [ { name: "https://www.tenable.com/security/research/tra-2021-11", refsource: "MISC", url: "https://www.tenable.com/security/research/tra-2021-11", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", assignerShortName: "tenable", cveId: "CVE-2021-20080", datePublished: "2021-04-09T17:21:07", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-35403
Vulnerability from cvelistv5
Published
2022-07-12 21:56
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/cve-2022-35403.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:36:43.375Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-12T21:56:46", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-35403", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", refsource: "MISC", url: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-35403", datePublished: "2022-07-12T21:56:46", dateReserved: "2022-07-08T00:00:00", dateUpdated: "2024-08-03T09:36:43.375Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23078
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2025-03-27 14:19
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.259Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator", }, { tags: [ "x_transferred", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-23078", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T14:18:59.527644Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-27T14:19:08.435Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-22T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator", }, { url: "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-23078", datePublished: "2023-02-01T00:00:00.000Z", dateReserved: "2023-01-11T00:00:00.000Z", dateUpdated: "2025-03-27T14:19:08.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-05-21 18:29
Modified
2024-11-21 04:22
Severity ?
Summary
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7D82A6D5-537F-4070-9E2B-C4FBA5FDB22D", versionEndIncluding: "10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.", }, { lang: "es", value: "En Zoho ManageEngine ServiceDesk Plus hasta la versión 10.5, los usuarios con menos privilegios (guest) pueden ver una publicación arbitraria agregando su número al SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.", }, ], id: "CVE-2019-12252", lastModified: "2024-11-21T04:22:29.203", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-21T18:29:00.487", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108456", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/tuyenhva/CVE-2019-12252", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.securityfocus.com/bid/108456", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/tuyenhva/CVE-2019-12252", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-639", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-12 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/eLeN3Re/CVE-2020-14048 | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/eLeN3Re/CVE-2020-14048 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*", matchCriteriaId: "5B4536B5-8263-4D00-A7A4-1B286BB7B311", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*", matchCriteriaId: "24902805-615E-43C2-BB25-911B8D8ADE29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*", matchCriteriaId: "554F4EA8-601E-42C4-A154-150EC217A1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*", matchCriteriaId: "92DFF866-8BF6-416D-BD33-EDA523D1E09C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*", matchCriteriaId: "E4A0EC51-3D07-4227-A157-4CA204FD02BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*", matchCriteriaId: "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*", matchCriteriaId: "D2C44765-DC25-40B9-82D5-AC143821755B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*", matchCriteriaId: "937E95E7-E925-40FC-A112-6DA545EF6584", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*", matchCriteriaId: "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*", matchCriteriaId: "B6B85248-1BD3-4648-B0B3-BD9E98A92A18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*", matchCriteriaId: "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*", matchCriteriaId: "F58D17A3-7395-42CB-A6A1-3362AC37CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*", matchCriteriaId: "98959391-6262-48D6-8546-C42A5D2489C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*", matchCriteriaId: "E07DD7A7-7D58-4615-ABA3-718088A897FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*", matchCriteriaId: "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*", matchCriteriaId: "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*", matchCriteriaId: "0E237ABD-4FB9-4DB9-94CE-69F01727799A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*", matchCriteriaId: "6DEF0341-D42E-4C47-8224-704DD41F7D99", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*", matchCriteriaId: "577B5A33-FC1D-4334-882E-7007CBF264D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*", matchCriteriaId: "E2AEEE6B-0187-4D37-A042-170CBE780127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*", matchCriteriaId: "0070815C-273A-45A7-BD4A-F0A4553D326E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*", matchCriteriaId: "F81E4E47-E8DB-4983-8226-6C5E5A283EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*", matchCriteriaId: "4297FC42-1E40-4AAE-B492-AF29DA0C2979", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*", matchCriteriaId: "04AA8545-FFFF-4731-BBFC-7BF577872F73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*", matchCriteriaId: "D83ACA73-42A4-43CF-B099-9842C935A8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*", matchCriteriaId: "74698925-CD1A-483D-9F72-DF95599E9150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*", matchCriteriaId: "1ADA7A20-BA3C-4537-8FB5-D5538C762790", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*", matchCriteriaId: "E29931D8-5840-4796-92D3-FD30FAC633FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*", matchCriteriaId: "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*", matchCriteriaId: "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*", matchCriteriaId: "2FE60600-A21B-4153-8296-51EAA465CE8A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*", matchCriteriaId: "A14D0484-66C4-4EF5-9601-9E533FD0AAED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*", matchCriteriaId: "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*", matchCriteriaId: "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*", matchCriteriaId: "605575AD-C3C8-43A4-AB03-E9719F792324", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*", matchCriteriaId: "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*", matchCriteriaId: "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*", matchCriteriaId: "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*", matchCriteriaId: "B2733446-DFA8-4B15-A50F-BB6E07D5927E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*", matchCriteriaId: "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*", matchCriteriaId: "744C7BC5-3053-493E-8F1E-52B875EA66F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*", matchCriteriaId: "24444021-610D-4EF2-BB1A-EB70CD2A5F74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*", matchCriteriaId: "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*", matchCriteriaId: "004E66AE-F871-45D1-A47A-F27462167C37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*", matchCriteriaId: "18248546-B217-47A3-8EC1-C71E4358F5B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*", matchCriteriaId: "160FD535-5B72-4182-9828-725BAF335DD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*", matchCriteriaId: "49692C35-49DC-4EE5-B360-16078A94D968", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*", matchCriteriaId: "47A9D8FE-E92F-4136-B212-C42541653781", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*", matchCriteriaId: "A266AC34-BDF8-4D65-82C9-85D69C509BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*", matchCriteriaId: "A2EFEE24-1C21-488E-B286-656D25B758BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*", matchCriteriaId: "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*", matchCriteriaId: "42C571A1-70D4-48DF-8037-31FE362AA7C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*", matchCriteriaId: "768B75E8-7EAE-4AE6-98BB-A90193A678B3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*", matchCriteriaId: "3150232F-41A2-4098-81F9-CEF1A60B2F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*", matchCriteriaId: "7850BA73-70CD-4047-AE49-56C5373E20A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*", matchCriteriaId: "134755A0-28D8-4495-B443-A092C5C0E4EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*", matchCriteriaId: "D4594C2E-E003-4586-BAF8-DC687347EFB3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*", matchCriteriaId: "06A9CD32-A6E3-4BFE-8501-FB63000731D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*", matchCriteriaId: "DBBB3BA2-0FEB-4883-B742-64C478A37B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*", matchCriteriaId: "793E9796-D53B-4293-9ECA-4B6EB8E217F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*", matchCriteriaId: "62244706-A31F-48B8-B35D-C4B0AABAC678", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*", matchCriteriaId: "5DD600F0-DF69-474C-B2ED-8551BF9F25FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*", matchCriteriaId: "9D087887-925B-4D03-A04B-110D59A6BC93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*", matchCriteriaId: "8556C499-F15B-4538-BE38-AD1112917F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*", matchCriteriaId: "9300D81A-196A-4C76-ACC1-FE063E1A8CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*", matchCriteriaId: "A7529CE5-C62D-4676-A2F2-15E76F66BD57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*", matchCriteriaId: "E0C73A49-8143-4C35-95AB-31BB56C80438", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*", matchCriteriaId: "3F1E996E-FB6A-4F65-9A48-52029627AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*", matchCriteriaId: "71BB9EF4-882F-4339-A088-DFD3EE1296D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*", matchCriteriaId: "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*", matchCriteriaId: "977BF207-74F1-4D9D-BFF9-BF63469E260E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*", matchCriteriaId: "1EBB9679-E791-4926-9155-99C894F26EAD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*", matchCriteriaId: "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*", matchCriteriaId: "035C0A12-BB52-448B-8B34-C62083A60917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*", matchCriteriaId: "C74B8E40-88E9-495E-980E-20AA69BE4E26", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*", matchCriteriaId: "CF088327-2D8E-4409-852C-BFF68E6D7449", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*", matchCriteriaId: "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*", matchCriteriaId: "F7738BD7-CA9D-443B-A743-69B96243956B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*", matchCriteriaId: "6801BD3B-5B95-410B-ABD8-3E1729856615", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*", matchCriteriaId: "5F6F567B-E445-45B1-ACB6-C61628F39962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*", matchCriteriaId: "C066567A-E5A2-48CA-8EAF-2919FC499569", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*", matchCriteriaId: "B060B925-FDE8-48B3-BF41-32E828ACC5C6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*", matchCriteriaId: "48C1DC18-3FA3-4709-8251-EB9AD370E529", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*", matchCriteriaId: "8A46CF84-1258-4217-97E1-B387BAA40A09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*", matchCriteriaId: "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*", matchCriteriaId: "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*", matchCriteriaId: "799B4970-767F-4207-AACF-2F1AAE09DE47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*", matchCriteriaId: "068C757A-03A5-4AB2-825F-675028C8E5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*", matchCriteriaId: "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*", matchCriteriaId: "412C04A6-F5FD-4EBB-8FCE-BE489D726352", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*", matchCriteriaId: "842FF39B-7EC2-42AE-8B98-006D8E455A1F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*", matchCriteriaId: "5272F67C-EBCE-46B5-BF68-DB183704BE45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*", matchCriteriaId: "DB4472B8-232E-4700-B376-2006005F0F4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*", matchCriteriaId: "01A82F61-8882-419F-9715-3A636F5FBD5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*", matchCriteriaId: "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*", matchCriteriaId: "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*", matchCriteriaId: "9B2EE162-C6DE-4182-93A0-021A5410E83C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*", matchCriteriaId: "C420A37E-E89A-472D-B605-0943F21C0592", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*", matchCriteriaId: "80BF4466-5244-4238-AD69-66697E5B30B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*", matchCriteriaId: "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*", matchCriteriaId: "72D32098-2C3C-4EA0-BFE0-127DA43DF136", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*", matchCriteriaId: "6CD17130-56ED-4460-844D-B877F7E9EB6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*", matchCriteriaId: "67C76DD0-258A-4D39-8694-0191B608FDCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*", matchCriteriaId: "0522B2B2-5647-46AF-AAAE-F86DDACA790B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*", matchCriteriaId: "524258FD-71A0-4E2D-BE58-2500944EDAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*", matchCriteriaId: "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*", matchCriteriaId: "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*", matchCriteriaId: "907FE1F5-9F3B-4B06-A89D-CA842BB956AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*", matchCriteriaId: "5707EB1A-2D06-4FDE-AC23-4EF391018423", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*", matchCriteriaId: "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*", matchCriteriaId: "DF75E79B-5680-4E72-9597-12C9A32FB075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*", matchCriteriaId: "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*", matchCriteriaId: "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*", matchCriteriaId: "47B69879-E65E-4C31-AC89-C872AF7C7736", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*", matchCriteriaId: "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*", matchCriteriaId: "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*", matchCriteriaId: "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*", matchCriteriaId: "D3177C32-5A5D-44B4-BD9B-A261EE536098", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*", matchCriteriaId: "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*", matchCriteriaId: "68922363-7E1B-42EE-8F29-F19F7AD54F66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*", matchCriteriaId: "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*", matchCriteriaId: "B28D8431-61FF-4943-9EBE-C0C824B9206F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*", matchCriteriaId: "00F9A491-EDBB-4C72-A598-03AD807046AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*", matchCriteriaId: "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*", matchCriteriaId: "789190B8-4EAA-4D57-9B59-D30C2183E3D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*", matchCriteriaId: "0655B57A-0A51-4541-AF81-EBA9E7A200A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*", matchCriteriaId: "CF4F0539-649F-41FD-8BB6-7158183A670C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*", matchCriteriaId: "8DD9A63F-309F-423F-98AB-86007CED2C7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*", matchCriteriaId: "E7389397-03A6-48C6-98AC-7273E3CEF7D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*", matchCriteriaId: "CC5E6061-FC5D-4201-BD39-3862556F4E66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*", matchCriteriaId: "0D33A187-CE61-4A39-8BF7-8A65871C54BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*", matchCriteriaId: "C42C7942-7F44-42A7-882E-D69CB93620E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*", matchCriteriaId: "11FD12A0-12FC-4D45-8F5A-86D039D5194A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*", matchCriteriaId: "A006266D-5686-4867-A9B9-BCAE40B69FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*", matchCriteriaId: "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*", matchCriteriaId: "28144D4F-B106-466E-97FE-95792AF01EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*", matchCriteriaId: "45E23A86-2DFB-419B-AD19-1A63E0D12203", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*", matchCriteriaId: "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*", matchCriteriaId: "2E3824C3-8B4C-4C52-AC13-3911BEE11A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*", matchCriteriaId: "52500AC3-F89B-4A95-8C44-B74DA14EF9F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*", matchCriteriaId: "1A2C7747-9D88-4962-B8F6-0B4309D0F168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*", matchCriteriaId: "E788E5CD-4274-42A1-9974-30E0380D87F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*", matchCriteriaId: "BD942532-B9A1-4F7B-8E1B-C456516E7168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*", matchCriteriaId: "6F16D144-7DDA-4151-8763-FC846BF114EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*", matchCriteriaId: "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*", matchCriteriaId: "B70C28C0-77C2-4A77-8958-A055EB307008", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*", matchCriteriaId: "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*", matchCriteriaId: "BD8C312B-8348-4476-B0C3-1544F2D378F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*", matchCriteriaId: "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*", matchCriteriaId: "2510E11A-992C-4ED7-9338-AF3B7BBA7160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*", matchCriteriaId: "778D0E3E-E77B-44BD-8155-5464405C8691", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*", matchCriteriaId: "D708A96D-F89E-44D0-B655-6A8BD1D08B72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*", matchCriteriaId: "4524947C-3F09-4DC7-BE0E-B695BC4C00EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*", matchCriteriaId: "FA1D85B3-8327-4032-96A1-CF3EAF477160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*", matchCriteriaId: "78B40A2C-6289-4581-AA84-58FF00DF8861", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*", matchCriteriaId: "26C645F1-4C43-4D82-B223-2A037A154466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*", matchCriteriaId: "FA95FDD5-5530-4B25-9702-12A39FF49F65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*", matchCriteriaId: "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*", matchCriteriaId: "27627445-9D74-4A82-80C1-17D32B7FF498", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*", matchCriteriaId: "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*", matchCriteriaId: "3DA73624-42A9-4FB6-B04A-A06AAE3550AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*", matchCriteriaId: "488F83E8-B1C3-4FF9-82AA-6E849146716A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*", matchCriteriaId: "B68BF79E-EBB3-4427-AF00-818368FB2873", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*", matchCriteriaId: "32795B52-2EBE-49D5-9CF2-7809E07D9773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*", matchCriteriaId: "BB5FB7E0-7480-4621-A891-F0B146362068", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*", matchCriteriaId: "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*", matchCriteriaId: "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*", matchCriteriaId: "6939C42F-7B4E-4D63-B2A3-45624307AE05", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*", matchCriteriaId: "61804D75-F80A-4432-9872-3CCF74719AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*", matchCriteriaId: "84B391A6-11E1-4269-8697-1ED54420B4AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*", matchCriteriaId: "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*", matchCriteriaId: "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*", matchCriteriaId: "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*", matchCriteriaId: "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*", matchCriteriaId: "0261CF58-FB52-40F2-AFB2-F48E9D9F3673", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*", matchCriteriaId: "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*", matchCriteriaId: "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*", matchCriteriaId: "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*", matchCriteriaId: "551778C6-7F1F-425F-A6C9-5DB05B0A7079", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*", matchCriteriaId: "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*", matchCriteriaId: "B01B3E70-E529-4152-97B8-98CE35582BE4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*", matchCriteriaId: "81A265ED-AE4A-4458-81D1-CB8D7EE64442", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*", matchCriteriaId: "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*", matchCriteriaId: "9A66E0C6-071B-4211-ADDD-0555222FEBB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*", matchCriteriaId: "A4F3A38F-F263-49C0-BE02-8F8C06E11153", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*", matchCriteriaId: "7995FB82-C17D-40A4-88E7-D2CB2D41F34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*", matchCriteriaId: "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*", matchCriteriaId: "BB66FAC9-E0D2-444E-9568-2556662B008B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*", matchCriteriaId: "EF1F53F4-CAA0-4529-A951-263C5FD00270", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*", matchCriteriaId: "3F1F303C-DBAD-4019-833D-CC92CC3DF32E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*", matchCriteriaId: "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*", matchCriteriaId: "03FA25BC-B64A-4424-B7D3-97644BDF2015", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*", matchCriteriaId: "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*", matchCriteriaId: "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*", matchCriteriaId: "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*", matchCriteriaId: "C410A5F5-2415-4767-B120-80645B211013", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*", matchCriteriaId: "D261E9EC-EFFE-4206-A046-B66DFB8E696C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*", matchCriteriaId: "778FE067-DAE0-483F-8C73-78906F43ED02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*", matchCriteriaId: "5DB32A17-00B0-4424-88CD-C9C9253B14E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*", matchCriteriaId: "F1E09302-1460-4909-8DA7-5904C448CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*", matchCriteriaId: "A4E0DF6C-1980-4634-9A10-740895379369", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*", matchCriteriaId: "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*", matchCriteriaId: "97CABEC7-2B76-4B17-B906-1CB2B49515A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*", matchCriteriaId: "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*", matchCriteriaId: "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", matchCriteriaId: "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", matchCriteriaId: "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", matchCriteriaId: "01754D60-5592-4193-A2DF-4CE12D30CF24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*", matchCriteriaId: "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*", matchCriteriaId: "21DC1DA3-012F-4AF2-B6CA-968E50A503EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*", matchCriteriaId: "9DE94B05-7B6A-4912-8590-D9C1791F9B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", matchCriteriaId: "16C27699-4157-4473-9FB3-01151B3E21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", matchCriteriaId: "F9AC6EC8-E1CA-4889-8AF8-482649CF2139", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", matchCriteriaId: "4186B73E-0E0F-48E1-9A51-B90E228BDA14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*", matchCriteriaId: "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*", matchCriteriaId: "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*", matchCriteriaId: "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*", matchCriteriaId: "1CD8BB75-E9F0-4675-835B-131C1B459138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*", matchCriteriaId: "32CFCFEF-FA96-405A-AF7A-A652371A44F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*", matchCriteriaId: "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*", matchCriteriaId: "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*", matchCriteriaId: "9B48D8ED-0539-402C-92A0-0BE8F88ABA46", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*", matchCriteriaId: "20604986-B662-4553-A481-9AC2979C2871", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*", matchCriteriaId: "FF77ADEA-AC44-49FF-BA41-C130FFD01F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*", matchCriteriaId: "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", matchCriteriaId: "F10A782D-24BB-477D-B828-38FF8C008E85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*", matchCriteriaId: "EF3B542D-DC8F-4717-B0A8-4466BED2D113", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*", matchCriteriaId: "982C13E3-8FFD-4112-8866-76C8318BA394", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*", matchCriteriaId: "300DBEAF-859F-4EBC-919D-0FEDF83CF60F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*", matchCriteriaId: "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*", matchCriteriaId: "E8DF283F-EC49-4930-9319-55562EE1274D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*", matchCriteriaId: "58C762E2-9B16-4398-A130-5F7AE4171C15", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*", matchCriteriaId: "CB6C1D7E-00AA-421F-9937-78A837AD41E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*", matchCriteriaId: "100F898D-525D-4EC1-802D-63BA0EF5690A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*", matchCriteriaId: "259A3358-86C4-49AB-A113-F000AC076497", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*", matchCriteriaId: "897FFAD7-D739-4F54-B496-726DA42D1B53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*", matchCriteriaId: "D7DDEBCC-8375-4209-883C-CBF669F71DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*", matchCriteriaId: "230A0B00-DE83-472A-A6F9-91DEF51C3756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*", matchCriteriaId: "8DB3456E-E1AB-497E-80C4-4B039445146D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*", matchCriteriaId: "B86DFA37-FBBF-46A7-9350-C97A15514290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*", matchCriteriaId: "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "BD81D0B5-4C34-4260-A35C-225BBCA3D71A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "01F753C4-11F6-4F65-8C38-3A308AA577E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "330149F0-BBE4-4890-B1A8-E96666927802", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "D79D1272-025B-40E2-BE9D-141577DC1FD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "725B0345-D7BD-4302-B81A-C17115FF1070", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "2D0E9A21-D7CB-4129-925F-9D3105071FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "01750E0E-29E5-4FFA-8194-813FA363467E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", matchCriteriaId: "298623A4-60DF-41F6-B2FD-ED84E6D2C06C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*", matchCriteriaId: "53E10E88-28AE-4F01-AE6E-C76CB3309F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*", matchCriteriaId: "1909D29B-7532-4C60-9F16-BD310022E2A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", matchCriteriaId: "8B5FA504-BFA4-4740-A3C0-B917AF301E72", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11.1, build 11115, permite a atacantes remotos no autenticados cambiar el estado de instalación de los agentes desplegados", }, ], id: "CVE-2020-14048", lastModified: "2024-11-21T05:02:26.090", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-12T02:15:10.320", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-14048", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-14048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40772.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40772.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*", matchCriteriaId: "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "D0647726-47C1-4CF5-91AA-E3E18776842C", versionEndExcluding: "10.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*", matchCriteriaId: "DD01521E-40B5-46D6-9A29-DABA18F11DFF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*", matchCriteriaId: "877000C8-0405-481D-95CC-72B783457401", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*", matchCriteriaId: "1DC5243C-C10E-46A1-A71E-7E736FC651E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*", matchCriteriaId: "C17D5800-8A5A-44BE-ACE3-6FB21631551C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*", matchCriteriaId: "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*", matchCriteriaId: "C1671DFA-9DAA-41E5-9528-50F63D32FBF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*", matchCriteriaId: "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*", matchCriteriaId: "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*", matchCriteriaId: "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*", matchCriteriaId: "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "791D8E77-1A6B-4739-A6E6-BF91E978144E", versionEndExcluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "3AE43EA7-9AA1-4EA7-8840-22BD543A093C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", matchCriteriaId: "97920D1C-62BA-4B10-9912-C2ED1C1B0313", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", matchCriteriaId: "023C6278-1FF9-4E79-8D95-32BE71701D37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", matchCriteriaId: "34EFB9EF-269E-4A72-8357-2A54E8B78C84", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", matchCriteriaId: "258BF334-DE00-472D-BD94-C0DF8CDAF53C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.", }, { lang: "es", value: "Las versiones 13010 y anteriores de Zoho ManageEngine ServiceDesk Plus son vulnerables a una omisión de validación que permite a los usuarios acceder a datos confidenciales a través del módulo de informes.", }, ], id: "CVE-2022-40772", lastModified: "2024-11-21T07:22:02.040", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-23T18:15:12.470", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-12 22:15
Modified
2024-11-21 07:11
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/service-desk/cve-2022-35403.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/cve-2022-35403.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "19B93A05-EDB4-4E02-926D-17E967ECBF91", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "B0B75973-355C-447E-BBEA-18459A5736C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*", matchCriteriaId: "7E45A9C9-EE09-493E-AE75-BACCD86B97EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*", matchCriteriaId: "4509077B-AD20-49B3-B23D-A0BC9E7A07E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*", matchCriteriaId: "2B5066A4-D8F9-452D-9686-49B5B33EE326", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*", matchCriteriaId: "A221A081-71CD-437F-9FE2-6A255A816BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*", matchCriteriaId: "883692B3-A95D-46F5-9E52-7694AF30CBAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*", matchCriteriaId: "D3C36A1A-9E47-4343-936A-711C7234D125", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*", matchCriteriaId: "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "D0647726-47C1-4CF5-91AA-E3E18776842C", versionEndExcluding: "10.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*", matchCriteriaId: "877000C8-0405-481D-95CC-72B783457401", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*", matchCriteriaId: "1DC5243C-C10E-46A1-A71E-7E736FC651E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*", matchCriteriaId: "C17D5800-8A5A-44BE-ACE3-6FB21631551C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*", matchCriteriaId: "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*", matchCriteriaId: "C1671DFA-9DAA-41E5-9528-50F63D32FBF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*", matchCriteriaId: "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "791D8E77-1A6B-4739-A6E6-BF91E978144E", versionEndExcluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", matchCriteriaId: "97920D1C-62BA-4B10-9912-C2ED1C1B0313", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", matchCriteriaId: "023C6278-1FF9-4E79-8D95-32BE71701D37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", matchCriteriaId: "34EFB9EF-269E-4A72-8357-2A54E8B78C84", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 están afectados por una vulnerabilidad de divulgación de archivos locales sin autenticación por medio del correo electrónico de creación de tickets. (Esto también afecta a Asset Explorer versiones anteriores a 6977 con autenticación)", }, ], id: "CVE-2022-35403", lastModified: "2024-11-21T07:11:06.207", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-12T22:15:08.327", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-35403.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-25 16:29
Modified
2024-11-21 03:35
Severity ?
Summary
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107558 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://labs.integrity.pt/advisories/cve-2017-9376/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107558 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.integrity.pt/advisories/cve-2017-9376/ | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "9164DE27-BE62-4EB3-B2F1-899A3D284DEC", versionEndExcluding: "9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.", }, { lang: "es", value: "ManageEngine ServiceDesk Plus en sus versiones anteriores a la 9314 contiene una vulnerabilidad de inclusión de archivo local en el parámetro defModule en DefaultConfigDef.do y AssetDefaultConfigDef.do.", }, ], id: "CVE-2017-9376", lastModified: "2024-11-21T03:35:57.480", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-25T16:29:03.223", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107558", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://labs.integrity.pt/advisories/cve-2017-9376/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107558", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://labs.integrity.pt/advisories/cve-2017-9376/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2025-03-07 21:04
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
Impacted products
{ cisaActionDue: "2023-02-13", cisaExploitAdd: "2023-01-23", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDF15FF-2561-4139-AC5E-4812584B1B03", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", matchCriteriaId: "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", matchCriteriaId: "52DDE5D9-28DE-446F-A402-7BE3C33A4B35", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", matchCriteriaId: "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", matchCriteriaId: "59675CC4-8A5C-4668-908C-0886B4B310DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", matchCriteriaId: "45084336-F1DC-4E5B-A45E-506A779985D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", matchCriteriaId: "1B2CC071-5BB3-4A25-88F2-DBC56B94D895", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*", matchCriteriaId: "E6FDF373-4711-4B72-A14E-CEB19301C40F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*", matchCriteriaId: "0E0F346C-0445-4D38-8583-3379962B540F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", matchCriteriaId: "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*", matchCriteriaId: "1179FC2E-0FCC-4744-85A7-1D68AE742FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*", matchCriteriaId: "F05F8E9D-1880-4B94-922E-BA61FA112945", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*", matchCriteriaId: "F336B0C2-1F99-4BC7-828B-02E432CB0723", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*", matchCriteriaId: "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*", matchCriteriaId: "46A96B82-49E1-4392-BDCF-CC9753D67A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*", matchCriteriaId: "837BF464-6D18-4267-8913-D7937C91789B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*", matchCriteriaId: "0243CA85-B856-4ED9-BCD0-5EAB182862CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*", matchCriteriaId: "FB216CD0-B3BD-434D-8FC6-BB60408C128A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FFA4EA7A-B1C1-4750-A11D-89054B77B320", versionEndExcluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "16BADE82-3652-4074-BDFF-828B7213CAF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*", matchCriteriaId: "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*", matchCriteriaId: "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*", matchCriteriaId: "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*", matchCriteriaId: "97EA9324-9377-46E1-A0EA-637128E65DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*", matchCriteriaId: "EA5BE36E-A73A-4D1C-8185-9692373F1444", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*", matchCriteriaId: "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*", matchCriteriaId: "F505C783-09DE-4045-9DB4-DD850B449A48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*", matchCriteriaId: "212BF664-02DE-457F-91A6-6F824ECC963B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*", matchCriteriaId: "D102B74F-6762-4EFE-BAF7-A7D416867D9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*", matchCriteriaId: "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*", matchCriteriaId: "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*", matchCriteriaId: "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*", matchCriteriaId: "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*", matchCriteriaId: "623151CB-4C6B-4068-B173-FE8E73D652F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*", matchCriteriaId: "1D84377E-CB44-4C6A-A665-763A1CD1AF34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*", matchCriteriaId: "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*", matchCriteriaId: "4C568190-1C1B-44FA-B50A-C142A0B8224D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*", matchCriteriaId: "F876B2E2-C2FF-47BE-9F53-5F86606A08CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B9D72627-17F9-427E-907B-56EA0A498131", versionEndExcluding: "7.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*", matchCriteriaId: "736740CB-A328-4163-BAC4-6C881A24C8B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*", matchCriteriaId: "9B806083-7309-4215-AF81-DCC4D90B7876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*", matchCriteriaId: "A741CDA8-D1A8-4F83-AE54-7D3D3C433825", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*", matchCriteriaId: "09563D6F-690B-4C7A-BA25-52D009724A74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*", matchCriteriaId: "30FAC23B-831E-4904-AB3B-85A3C068CEB8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*", matchCriteriaId: "9347D3CF-B5D1-4ACE-83E1-73748EF15120", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*", matchCriteriaId: "322E0562-4586-4DF4-A935-C2447883495B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*", matchCriteriaId: "EB9151D6-BD21-4268-9371-FF702C1AD84B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*", matchCriteriaId: "B371E93E-7C85-42DD-AA7F-9B43D8D02963", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*", matchCriteriaId: "094EEFA4-BD16-4F79-8133-62F9E2C8C675", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*", matchCriteriaId: "DC5A6297-98E3-45C8-95FB-7F4E65D133BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*", matchCriteriaId: "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*", matchCriteriaId: "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*", matchCriteriaId: "7848B31C-AB51-486B-8655-7D7A060BAFFC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*", matchCriteriaId: "1CFB5C4A-B717-4CC2-AE03-336C63D17B96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*", matchCriteriaId: "456D49D7-F04D-4003-B429-8D5504959D04", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*", matchCriteriaId: "BB788440-904B-430E-BF5B-12ADA816477E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*", matchCriteriaId: "876CC4D6-9546-4D39-965A-EF5A4AF4AD93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*", matchCriteriaId: "85432FE8-946F-448D-A92A-FF549EDC52F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*", matchCriteriaId: "813E1389-A949-427C-92C6-3974702FEA5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*", matchCriteriaId: "34A48841-EA09-4917-A6FF-DF645B581426", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*", matchCriteriaId: "1C042646-9D36-4712-9E5D-40E55FCF7C24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*", matchCriteriaId: "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*", matchCriteriaId: "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*", matchCriteriaId: "7E53B3CB-4351-4E24-B80C-D62CC483D4D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*", matchCriteriaId: "0068E901-62D2-4C4D-96F8-7823B0DF7DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*", matchCriteriaId: "CF70BA56-3478-4DA5-B013-4D9B820D2219", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7BC9667B-3ECE-4DF8-9C45-95E53736CD68", versionEndExcluding: "6.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", matchCriteriaId: "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", matchCriteriaId: "B1E4E7ED-317B-471D-B387-24BFE504FD48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", matchCriteriaId: "1518C214-71A7-4C97-BA40-95D98E0C78BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*", matchCriteriaId: "247ED04D-E067-4A18-8514-9CD635DF4F09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*", matchCriteriaId: "8AC2C862-7709-44BF-9D0C-1BD63B381001", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*", matchCriteriaId: "1E936706-E1D6-496A-8395-96706AF32F19", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*", matchCriteriaId: "CA25E9BB-DDB9-438C-890A-61264C10BFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*", matchCriteriaId: "D71FF123-F797-4E0D-8167-DD4563733879", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*", matchCriteriaId: "1156F671-D6BD-4FA2-924F-1802F157A025", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*", matchCriteriaId: "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*", matchCriteriaId: "E870D833-28A7-45E1-9A6B-26A33D66B507", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2026DE5E-EDDA-4134-A63E-1F01A9ED209F", versionEndExcluding: "5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*", matchCriteriaId: "DBEE7368-580D-422E-80DE-079462579BD4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*", matchCriteriaId: "92C88B5F-3689-4314-B23E-D9051808C1D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*", matchCriteriaId: "839EB997-896A-4CD9-BADF-1C2DC2B498F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*", matchCriteriaId: "7A4DF40E-2941-4A38-9297-42502D7EE0C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*", matchCriteriaId: "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*", matchCriteriaId: "99F6F9CC-5A94-4A74-8D36-BE198424C955", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "BB1E5798-5079-4292-9C11-2F334F8AC825", versionEndExcluding: "6.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*", matchCriteriaId: "37D11E5C-C569-4D9F-BFF8-315F6D458D68", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", matchCriteriaId: "1478BFC3-A0B2-415B-BA1C-AA09D9451C93", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*", matchCriteriaId: "1E270FB5-C447-4C93-9947-2CE50850A46B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*", matchCriteriaId: "496AFB26-1E11-4632-8C10-CD80F601FCFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*", matchCriteriaId: "B2CE86DA-B688-4E9E-AF16-1974858D18BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*", matchCriteriaId: "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "76C7DC97-8BF1-421F-9272-FD301D2D7A3F", versionEndExcluding: "12.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*", matchCriteriaId: "9BE65B96-74ED-48F1-B86D-CB3387D989CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*", matchCriteriaId: "B4127640-1F60-4687-A24A-22B05A125290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*", matchCriteriaId: "E42928FB-E0E7-4951-B9B1-CEF60560A945", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*", matchCriteriaId: "43C059E6-E1CA-4792-B383-93062CD82D66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*", matchCriteriaId: "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*", matchCriteriaId: "6C34175B-0978-4207-BFC0-F38FDFF9B3D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*", matchCriteriaId: "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "71CED256-A0EF-4933-AE18-421E37D5DB16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", matchCriteriaId: "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", matchCriteriaId: "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "969E1FCF-76A0-40BC-A38F-56FCB713419F", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "298E6401-A9A9-43B6-901F-327944E0AF94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", matchCriteriaId: "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B8F5E8E6-B1AA-4454-86D3-648B67CA915E", versionEndExcluding: "10.1.220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31", versionEndExcluding: "11.1.2238.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "8239C2A0-BA6D-4B5C-B02F-617178685D52", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71", versionEndExcluding: "10.1.2137.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "53EC71FA-E248-4DA5-BA76-746631AC435E", versionEndExcluding: "1.1.2243.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5784980D-CEBB-4982-BD1F-FD8F5F2A039C", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "06A9F459-2C86-4646-B87C-A55381E0939F", versionEndExcluding: "10.1.2228.11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*", matchCriteriaId: "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A", versionEndExcluding: "10.1.41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "450E672F-FA36-4770-87B6-CC8DA66D2222", versionEndExcluding: "10.1.2220.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).", }, { lang: "es", value: "Múltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecución remota de código debido al uso de Apache Santuario xmlsec (también conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por diseño en esa versión, hacen la aplicación responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotación solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotación requiere que SAML SSO esté actualmente activo).\n", }, ], id: "CVE-2022-47966", lastModified: "2025-03-07T21:04:52.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-18T18:15:10.570", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.viettelcybersecurity.com/saml-show-stopper/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/horizon3ai/CVE-2022-47966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-17 04:29
Modified
2024-11-21 04:49
Severity ?
Summary
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "457A9C68-714A-4B93-8BF6-C9851E7CEAD5", versionEndExcluding: "10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.", }, { lang: "es", value: "Existe una vulnerabilidad IDOR (Insecure Direct Object Reference) en Zoho ManageEngine ServiceDesk Plus (SDP) en versiones anteriores a la 10.0 build 10007 mediante un adjunto en una petición.", }, ], id: "CVE-2019-8395", lastModified: "2024-11-21T04:49:50.233", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-17T04:29:00.360", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, { lang: "en", value: "CWE-706", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-01 06:15
Modified
2025-04-03 19:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
References
Impacted products
{ cisaActionDue: "2021-12-15", cisaExploitAdd: "2021-12-01", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "D79D1272-025B-40E2-BE9D-141577DC1FD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "725B0345-D7BD-4302-B81A-C17115FF1070", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "2D0E9A21-D7CB-4129-925F-9D3105071FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "01750E0E-29E5-4FFA-8194-813FA363467E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "D8774F16-1A2C-4A91-B132-DE8B1D29DB43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", matchCriteriaId: "298623A4-60DF-41F6-B2FD-ED84E6D2C06C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*", matchCriteriaId: "53E10E88-28AE-4F01-AE6E-C76CB3309F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*", matchCriteriaId: "1909D29B-7532-4C60-9F16-BD310022E2A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", matchCriteriaId: "8B5FA504-BFA4-4740-A3C0-B917AF301E72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*", matchCriteriaId: "2694C1E1-7596-4183-9B09-4BB5BA5C5551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*", matchCriteriaId: "31A7FA61-399B-4778-828C-BB65548966AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*", matchCriteriaId: "E33CAA7E-2F7B-4833-94F6-6C0F607903CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*", matchCriteriaId: "81D5E4BB-41F6-46B7-98C7-43DE55785496", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*", matchCriteriaId: "8400D7D8-D03D-4A5C-B533-A640A648238D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*", matchCriteriaId: "21E4107F-A0DC-4A53-9352-A442B563599C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*", matchCriteriaId: "42B90217-2981-4B2A-BB29-BF36F4C1494F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*", matchCriteriaId: "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*", matchCriteriaId: "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*", matchCriteriaId: "9E480891-A40B-4184-B06D-26EC583FBA41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*", matchCriteriaId: "8D8905CE-F981-4034-8193-533A4930D518", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*", matchCriteriaId: "79FBA595-2CDC-45E8-8840-34D17F09A5FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*", matchCriteriaId: "D462AC9D-8731-49D9-A760-5013B496C8C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*", matchCriteriaId: "332AB05B-3DC2-493F-8DB8-7DA93531D9BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*", matchCriteriaId: "A9ED77FC-F359-48AA-8A48-4009B25992D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*", matchCriteriaId: "98C4DC91-985F-413E-9F6F-27E93C1125E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*", matchCriteriaId: "6841D87A-97FD-415B-931C-6407A36A1E96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*", matchCriteriaId: "D1C4B37D-6983-430C-91C5-635D7EF51A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*", matchCriteriaId: "4E959106-3183-4D8A-888D-6379DC33234D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11134:*:*:*:*:*:*", matchCriteriaId: "72C74691-300E-4CD7-AD57-594586B12669", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11135:*:*:*:*:*:*", matchCriteriaId: "1F60565E-3BDA-4BE3-B013-1BF4469B8B1B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11136:*:*:*:*:*:*", matchCriteriaId: "6BD8A92A-AC27-4914-B36D-94829478D47A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11137:*:*:*:*:*:*", matchCriteriaId: "7ED4E888-2EFA-4F7F-9503-59F34FF720D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*", matchCriteriaId: "106A06E5-56E8-41D3-A059-7DA6737DABAE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*", matchCriteriaId: "401AEAD2-183D-4E55-94AD-D24A9BE46D61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*", matchCriteriaId: "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*", matchCriteriaId: "417D6E6A-C16A-4A76-8D65-31340834233E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*", matchCriteriaId: "1A040A5B-8C2A-4557-AB5E-1427B0F1E889", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*", matchCriteriaId: "207A81A8-02EF-4793-B047-46581BF7E60B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*", matchCriteriaId: "194BEECD-F877-4D28-A534-E965D69C9EB9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*", matchCriteriaId: "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*", matchCriteriaId: "7D130762-4B49-4089-99A1-FEFD6B76AB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*", matchCriteriaId: "CDC33E6B-81E2-4A15-8889-2CD709CF5E45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*", matchCriteriaId: "E08A077E-B1AA-432A-B37A-AA603C8CD1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*", matchCriteriaId: "69B73464-8627-4CCE-93CE-B312A9D7B35C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*", matchCriteriaId: "51839FBE-A7E1-40FD-B44B-F9C8CA62E063", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*", matchCriteriaId: "7BE9BFCC-04AB-4053-949C-B2860E7E43B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*", matchCriteriaId: "A2062399-67EA-4368-9629-60E4A59DDB29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*", matchCriteriaId: "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:-:*:*:*:*:*:*", matchCriteriaId: "7C2035DC-3D54-4D0A-B18A-8D5FAA15CF45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*", matchCriteriaId: "188135EF-9821-4325-A34F-AB6F430F5DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*", matchCriteriaId: "DC971E05-D69B-4688-861D-3D6357726CB6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11302, es vulnerable a una omisión de autenticación que permite algunas URLs REST-API sin autenticación", }, ], id: "CVE-2021-37415", lastModified: "2025-04-03T19:48:08.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-09-01T06:15:06.530", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.manageengine.com", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-26 21:15
Modified
2025-02-03 20:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", matchCriteriaId: "03A34ED3-EC89-4BE3-8A99-A5727A154672", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", matchCriteriaId: "4E84EF2B-37A5-4499-8C16-877E8AB8A731", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", matchCriteriaId: "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", matchCriteriaId: "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", matchCriteriaId: "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*", matchCriteriaId: "356CA7C7-993F-4D5D-9FAB-9E5475878D53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0F8049D8-8FE3-43CA-9568-AEA659776436", versionEndExcluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*", matchCriteriaId: "5CDE81A3-95A1-42FC-A526-5F343E73ABD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*", matchCriteriaId: "0575CC86-9321-4502-83C0-348DCE175EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*", matchCriteriaId: "D1B60D55-DE84-4BE8-A42D-98D133D3D228", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*", matchCriteriaId: "B79CA06A-17DE-429A-A3C9-4FC28E907318", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*", matchCriteriaId: "19C86206-29CB-4ABA-8979-19DF52B8CC1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14104:*:*:*:*:*:*", matchCriteriaId: "7C7ACCBA-56DC-4159-A26C-6D8007B3AC23", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "E427ED35-3804-4448-BADE-6DD1E80D093F", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "6E368AC5-E3A5-44CE-8B6E-2454493764E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "B265CA09-4FDD-41BD-A5E8-1A4666FBDE62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5563D0F3-ACFD-4F79-8428-12EF982E0F5F", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "B46588F2-4258-44C7-BCBE-40975D4CE27D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "8FA49D56-60A0-462B-86D2-61391E8FAA47", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.", }, ], id: "CVE-2023-29443", lastModified: "2025-02-03T20:15:31.143", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-26T21:15:08.957", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-611", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-27 16:15
Modified
2024-11-21 06:33
Severity ?
Summary
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 11.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11306:*:*:*:*:*:*", matchCriteriaId: "B2DB18CB-A6BB-46FC-B869-44D7ACC2470D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.", }, { lang: "es", value: "Una vulnerabilidad de tipo Cross-site scripting (XSS) en el Campo Secondary Email en Zoho ManageEngine ServiceDesk Plus versión 11.3 Build 11306, permite a atacantes inyectar código JavaScript arbitrario", }, ], id: "CVE-2021-46065", lastModified: "2024-11-21T06:33:34.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-27T16:15:07.730", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-07 13:15
Modified
2024-11-21 08:06
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D", versionEndExcluding: "14.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*", matchCriteriaId: "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*", matchCriteriaId: "19A77447-AA60-4011-A64B-0A065F43279E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "5E2D7250-8F17-4A29-BB1F-755A9DF0E3E6", versionEndExcluding: "14.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14200:*:*:*:*:*:*", matchCriteriaId: "E2141BB9-EEB1-4648-A98F-8E56463E3D02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14201:*:*:*:*:*:*", matchCriteriaId: "122F5CF4-E718-4E0F-90BB-173EC4A726E9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14202:*:*:*:*:*:*", matchCriteriaId: "DBDD2838-53B0-425F-B5FF-FD6DD6587C53", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0C96B503-E3D8-48E3-9D91-0EDD125A51B2", versionEndExcluding: "14.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14200:*:*:*:*:*:*", matchCriteriaId: "3F3F6B18-309E-402B-B5B6-857A71FCA675", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14201:*:*:*:*:*:*", matchCriteriaId: "2578CF13-141C-4DE4-9209-52A0CE5892C8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.", }, ], id: "CVE-2023-34197", lastModified: "2024-11-21T08:06:45.420", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-07T13:15:09.273", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-21 06:15
Modified
2025-03-27 13:10
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "ECE2FE6F-AC4D-49DB-A36A-8C76B77F0079", versionEndExcluding: "14.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:*:*:*:*:*:*:*", matchCriteriaId: "859CA019-8026-4178-9A31-0651A853D4E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.9:14910:*:*:*:*:*:*", matchCriteriaId: "BC9B5C66-E0DF-44FE-A900-A3721AF4F95D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "45A0B773-D293-47CA-84A4-E4918F138C3F", versionEndExcluding: "14.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.9:14900:*:*:*:*:*:*", matchCriteriaId: "4B2B72D2-5FD7-4C7F-BE3F-CDA5064E025A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7360E194-C0E4-4870-BCC1-F8E0C05E8649", versionEndExcluding: "14.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcentre_plus:14.9:14900:*:*:*:*:*:*", matchCriteriaId: "233B7D2B-B6A8-492B-9CB6-837C03F8355E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.", }, { lang: "es", value: "Las versiones de Zohocorp ManageEngine ServiceDesk Plus anteriores a 14920, ServiceDesk Plus MSP y SupportCentre Plus anteriores a 14910 son vulnerables a XSS almacenado en la función de tareas.", }, ], id: "CVE-2024-50053", lastModified: "2025-03-27T13:10:43.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-21T06:15:25.003", references: [ { source: "0fc0942c-577d-436f-ae8e-945763c79b02", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2024-50053.html", }, ], sourceIdentifier: "0fc0942c-577d-436f-ae8e-945763c79b02", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-04 16:29
Modified
2024-11-21 04:18
Severity ?
Summary
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://0x445.github.io/CVE-2019-10273/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46674/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x445.github.io/CVE-2019-10273/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46674/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.", }, { lang: "es", value: "Una vulnerabilidad de fuga de información en la página de inicio de sesión /mc en el software ManageEngine ServiceDesk Plus 9.3 permite a los usuarios autenticados enumerar los usuarios activos. Debido a un error en la manera en la que se gestiona la autenticación, un atacante es capaz de iniciar sesión y verificar cualquier cuenta activa.", }, ], id: "CVE-2019-10273", lastModified: "2024-11-21T04:18:47.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-04T16:29:02.320", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://0x445.github.io/CVE-2019-10273/", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46674/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://0x445.github.io/CVE-2019-10273/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46674/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-28 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", matchCriteriaId: "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*", matchCriteriaId: "1179FC2E-0FCC-4744-85A7-1D68AE742FEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*", matchCriteriaId: "F05F8E9D-1880-4B94-922E-BA61FA112945", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*", matchCriteriaId: "F336B0C2-1F99-4BC7-828B-02E432CB0723", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*", matchCriteriaId: "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*", matchCriteriaId: "46A96B82-49E1-4392-BDCF-CC9753D67A4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*", matchCriteriaId: "837BF464-6D18-4267-8913-D7937C91789B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*", matchCriteriaId: "0243CA85-B856-4ED9-BCD0-5EAB182862CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*", matchCriteriaId: "FB216CD0-B3BD-434D-8FC6-BB60408C128A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*", matchCriteriaId: "9A24DBF5-EBC0-49DB-B253-1098BF1C6180", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*", matchCriteriaId: "9E5C2FC4-A020-42C8-958D-603C82E9F0B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*", matchCriteriaId: "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*", matchCriteriaId: "27C465F6-F7F2-4FBD-B12F-4795EB47842C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*", matchCriteriaId: "27BCB134-B415-481F-BBDB-650F5AD65EDA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E802FD77-E67A-438C-82CE-9FC7536FB14E", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", matchCriteriaId: "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "237AA2F5-B9A3-4C40-92AC-61FE47A017BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", matchCriteriaId: "4C23A64C-65CB-447B-9B5F-4BB22F68FC79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "72C14C6D-5C72-4A39-A8FF-93CD89C831C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", matchCriteriaId: "258BF334-DE00-472D-BD94-C0DF8CDAF53C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", matchCriteriaId: "03A34ED3-EC89-4BE3-8A99-A5727A154672", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", matchCriteriaId: "4E84EF2B-37A5-4499-8C16-877E8AB8A731", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", matchCriteriaId: "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", matchCriteriaId: "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", matchCriteriaId: "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*", matchCriteriaId: "356CA7C7-993F-4D5D-9FAB-9E5475878D53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*", matchCriteriaId: "82F1AAC1-E49B-4580-9569-AD9B1E649A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*", matchCriteriaId: "D971F57C-820C-4391-A15C-80A4901BC358", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*", matchCriteriaId: "3EAA3D29-2763-4201-9471-A0874727F40B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*", matchCriteriaId: "B632C001-CE54-4C22-AB99-7919D8902FDB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*", matchCriteriaId: "648277D7-3CDD-455B-95D3-CBD9A3A82C62", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "1E01D48C-A95F-421E-A6FA-D299D6BE02B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*", matchCriteriaId: "727BD3A4-F0E1-4656-A640-B32406324707", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F", versionEndExcluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*", matchCriteriaId: "BFD452AD-7053-4C13-97DA-326C3DC6E26C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*", matchCriteriaId: "0B87956F-9C45-4A65-BEB2-77A247BD7A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*", matchCriteriaId: "17BE6347-1605-47DB-8CFE-B587E3AB4223", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*", matchCriteriaId: "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*", matchCriteriaId: "E6A7C5C6-0137-4279-A7EA-3439BE477A3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*", matchCriteriaId: "C921F1B2-69B4-448F-AC7C-2F4474507FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*", matchCriteriaId: "91DB9017-1BCF-48DB-97AE-4214150BAE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*", matchCriteriaId: "D066B999-8554-49F0-92C3-1A4DDEA6E32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*", matchCriteriaId: "635F80E1-4A73-48DC-A128-D61716D70839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*", matchCriteriaId: "E74FE1C4-471A-4040-96A4-0BE46745199B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*", matchCriteriaId: "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*", matchCriteriaId: "99C928C2-4711-4765-BDF2-E7FB448F5771", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*", matchCriteriaId: "EDF77387-21C7-45CA-B843-EBA956EE2BB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*", matchCriteriaId: "5C2C0067-538B-4102-8B4E-603BD4CE8F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*", matchCriteriaId: "DAF47C10-AAE9-40CF-A033-44D54A81E69F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*", matchCriteriaId: "36D0331C-58EA-4B68-88C4-7A193BE5C62E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*", matchCriteriaId: "3CA59781-E48C-487E-B3AF-96560F3152EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*", matchCriteriaId: "E4812B9E-15CA-4700-9115-EAE0A97F0E3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*", matchCriteriaId: "CE513A2B-0371-4D3C-A502-CDA3DB474F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*", matchCriteriaId: "5E498ACE-8332-4824-9AFE-73975D0AC9EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*", matchCriteriaId: "F070B928-CF57-4502-BE26-AD3F13A6ED4B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*", matchCriteriaId: "635D24F2-9C60-4E1A-BD5F-E5312FA953A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*", matchCriteriaId: "5E983854-36F8-407F-95C8-E386E0F82366", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*", matchCriteriaId: "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*", matchCriteriaId: "7820751F-E181-4BB7-8DAF-BF21129B24D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*", matchCriteriaId: "14ADB666-EEB9-4C6D-93F4-5A45EBA55705", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*", matchCriteriaId: "93C4B398-8F9A-44AC-8E43-C4C471DE9565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*", matchCriteriaId: "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*", matchCriteriaId: "C7EF76FE-3FD9-4548-A372-22E280484ECB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "C12C9470-3D3B-426E-93F9-79D8B9B25F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "227F1242-E0A9-45C5-9198-FD8D01F68ABF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "1D262240-1B28-4B7C-B673-C10DD878D912", versionEndExcluding: "12.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*", matchCriteriaId: "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*", matchCriteriaId: "F2769404-4E8A-478C-9328-269E2C334E31", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "E913F3D6-9F94-4130-94FF-37F4D81BAEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "34D23B58-2BB8-40EE-952C-1595988335CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "322920C4-4487-4E44-9C40-2959F478A4FA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "014DB85C-DB28-4EBB-971A-6F8F964CE6FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "5E9B0013-ABF8-4616-BC92-15DF9F5CB359", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "5B744F32-FD43-47B8-875C-6777177677CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "D3012C17-87F5-4FFD-B67B-BEFF2A390613", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "1E33D368-2D81-4C7E-9405-7C0A86E97217", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*", matchCriteriaId: "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C", versionEndExcluding: "5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*", matchCriteriaId: "CF4D70E8-77A6-4F51-A15B-28299D43B095", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*", matchCriteriaId: "E03D403B-C904-482E-838C-D6595C5D27FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*", matchCriteriaId: "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*", matchCriteriaId: "E4B18DCB-4A02-4DE6-9B19-D79299934D29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*", matchCriteriaId: "2D34C6F9-2578-460F-AF34-2E9494BCDE3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*", matchCriteriaId: "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*", matchCriteriaId: "B2F48B91-FFD5-4AC4-A198-64870E47AE9A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*", matchCriteriaId: "7001A0A7-159C-48A3-9800-DAFBA31D05BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*", matchCriteriaId: "583B46D4-529F-404F-9CF3-4D7526889682", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*", matchCriteriaId: "0D89C2A2-CE20-4954-8821-C73F9E3EC767", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*", matchCriteriaId: "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*", matchCriteriaId: "233874F0-A19F-447C-ACE2-5DD06829C920", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*", matchCriteriaId: "C4447E47-C6DB-440D-AF35-8130687E9BB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*", matchCriteriaId: "405ECB05-7E35-4927-A19A-92A4B7FE8B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*", matchCriteriaId: "9F1EC2A5-7498-40F9-91A4-B004AEA1136C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*", matchCriteriaId: "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*", matchCriteriaId: "DD3B14B6-8329-43C4-AE42-13279E77275E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*", matchCriteriaId: "7792B448-4D34-42F8-919C-344783D625E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*", matchCriteriaId: "E297C040-0523-4A50-97AB-349880D5B3A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*", matchCriteriaId: "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*", matchCriteriaId: "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*", matchCriteriaId: "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*", matchCriteriaId: "6E0C9493-EB87-4197-AF8B-BCA25488BCDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*", matchCriteriaId: "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*", matchCriteriaId: "FBD7855F-4B66-4F43-960C-73E69C52E865", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*", matchCriteriaId: "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*", matchCriteriaId: "36A68C2E-978A-4F82-AC61-E9E7CA9908A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A9BB59DF-8786-4DC0-9254-F88417CA7077", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*", matchCriteriaId: "6BA1E99E-789C-4FDD-AA89-4C5391B95320", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*", matchCriteriaId: "7EA6EC34-6702-4D1A-8C63-5026416E01A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*", matchCriteriaId: "0720F912-A070-43E9-BD23-4FAD00026DCF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*", matchCriteriaId: "161C81D2-7281-4F89-9944-1B468B06C264", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*", matchCriteriaId: "718EEA01-B792-4B7E-946F-863F846E8132", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*", matchCriteriaId: "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*", matchCriteriaId: "47BBC46A-16C7-4E9B-A49A-8101F3039D0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*", matchCriteriaId: "D989FB08-624D-406B-8F53-A387900940F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*", matchCriteriaId: "8ADB6CFE-1915-488C-93FE-96E8DF3655F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*", matchCriteriaId: "EDCCB442-D0E4-47C7-A558-36657A70B3CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*", matchCriteriaId: "8794F807-1D50-44D4-8969-FD68EFF2F643", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*", matchCriteriaId: "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*", matchCriteriaId: "6976DCDA-E27A-4367-8EFE-74DC6F63018F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*", matchCriteriaId: "101908A5-CAEF-44F8-A6C8-FE01CA9FA836", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*", matchCriteriaId: "F957BE56-474A-4593-8710-F86DB13C7407", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*", matchCriteriaId: "B8479442-1A4A-4F27-9778-664C7693C815", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*", matchCriteriaId: "EEF00ADC-105F-4B7E-857B-17565D67C7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*", matchCriteriaId: "CA292949-6E99-49A5-94F7-23448494F5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*", matchCriteriaId: "863CBE20-60A5-4A08-BF16-4E40E88B9AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*", matchCriteriaId: "28A105B4-7BF0-4054-AAE7-8453E13E2B63", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*", matchCriteriaId: "94C78301-44B7-45B2-836E-15E45FAC8625", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*", matchCriteriaId: "F408067C-13C1-40BE-8488-9EB7FF0EDF9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*", matchCriteriaId: "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E4282B6D-6C85-4F13-B789-E641FB5986FE", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*", matchCriteriaId: "A160274C-F07A-43D9-A4DB-8773F004B9B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*", matchCriteriaId: "341DF953-3DC7-476E-A79D-8CBD011C52A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*", matchCriteriaId: "AB6582AC-03DB-4905-BD03-EEDC314EB289", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*", matchCriteriaId: "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*", matchCriteriaId: "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*", matchCriteriaId: "1592B321-1D60-418D-9CD8-61AEA57D8D90", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*", matchCriteriaId: "E582FA9F-A043-4193-961D-A49159F1C921", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*", matchCriteriaId: "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "28EAB920-2F01-483E-9492-97DBFBD7535F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*", matchCriteriaId: "37976BE2-4233-46F7-B6BB-EFA778442AFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*", matchCriteriaId: "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*", matchCriteriaId: "C069FF04-4061-4560-BA55-1784312047A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*", matchCriteriaId: "0D428FA6-08BA-4F7E-B1C7-4AFD17919899", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*", matchCriteriaId: "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*", matchCriteriaId: "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*", matchCriteriaId: "EF9477F5-C6FD-4589-917B-FD206371DB33", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*", matchCriteriaId: "8CB27467-3157-466A-B01C-461348BD95C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*", matchCriteriaId: "2D575B4D-D58A-4B92-9723-4AB54E29924A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*", matchCriteriaId: "E76BB070-9BC9-4712-B021-156871C3B06A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*", matchCriteriaId: "52D35850-9BE1-479A-B0AF-339E42BCA708", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*", matchCriteriaId: "681A77B6-7E22-4132-803B-A0AD117CE7C1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "658DC76D-E0FE-40FA-B966-6DA6ED531FCD", versionEndExcluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*", matchCriteriaId: "948993BE-7B9E-4CCB-A97F-28B46DFE52A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*", matchCriteriaId: "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*", matchCriteriaId: "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*", matchCriteriaId: "4C8B3F77-7886-4F80-B75A-59063C762307", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*", matchCriteriaId: "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*", matchCriteriaId: "A708628C-31E8-4A52-AEF7-297E2DDFA0C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*", matchCriteriaId: "A8A01385-A493-42C0-ABBE-6A30C8594F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*", matchCriteriaId: "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*", matchCriteriaId: "B6865936-A773-4353-8891-8269508B2180", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*", matchCriteriaId: "9CAD778E-8FDB-4CE2-A593-75EEA75F6361", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*", matchCriteriaId: "52A9BA64-A248-4490-BDA7-671D64C0B3CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*", matchCriteriaId: "DFF0A7E8-888B-4CBE-B799-16557244DDF3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*", matchCriteriaId: "8B480202-7632-4CFA-A485-DDFF1D1DB757", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*", matchCriteriaId: "AB9B0721-49FD-49E7-97E4-E4E3EBF64856", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*", matchCriteriaId: "874F5DDD-EA8D-4C1E-824A-321C52959649", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*", matchCriteriaId: "8CAA4713-DA95-46AC-AFA5-9D22F8819B06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*", matchCriteriaId: "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*", matchCriteriaId: "832AAAAF-5C34-4DDF-96A4-080002F9BC6A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*", matchCriteriaId: "29ED63C4-FB06-41AC-ABCD-63B3233658A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*", matchCriteriaId: "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*", matchCriteriaId: "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*", matchCriteriaId: "51400F37-6310-44A3-A683-068DF64D20F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*", matchCriteriaId: "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*", matchCriteriaId: "78CB8751-856A-41AC-904A-70FA1E15A946", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*", matchCriteriaId: "72B7E27E-1443-46DC-8389-FBD337E612F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*", matchCriteriaId: "F9BB1077-C1F5-4368-9930-8E7424E7EB98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*", matchCriteriaId: "EE307CE4-574D-4FF7-BED6-5BBECF886578", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D", versionEndExcluding: "14.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*", matchCriteriaId: "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*", matchCriteriaId: "19A77447-AA60-4011-A64B-0A065F43279E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*", matchCriteriaId: "811ADC13-780C-4325-8879-E521CBEC20B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*", matchCriteriaId: "DB25E317-1104-4CFE-8F6A-B8B55F578F94", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*", matchCriteriaId: "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "E73FEA45-5AA3-4C49-91D3-E07A53E34515", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "8CA65161-0C0B-45E7-BBEA-FA214DBF964B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9097C0CA-001B-4604-BCDB-ED28AB292CC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "CE99DDEC-EA8D-4E15-A227-30B242611078", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "52843587-34AD-4992-8E68-25CD02E247A3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "30C9A012-AD39-45B2-BA3F-8D7180FC5390", versionEndExcluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*", matchCriteriaId: "7C5E7CE6-F85E-49B2-9078-F661AA3723C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*", matchCriteriaId: "1194B4C2-FBF2-4015-B666-235897971DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*", matchCriteriaId: "4F5F0CA5-CEC3-4342-A7D1-3616C482B965", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4707D700-23C4-4BBD-9683-4E6D59989127", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.", }, { lang: "es", value: "Zoho ManageEngine Active Directory 360 versiones 4315 e inferiores, ADAudit Plus 7202 e inferiores, ADManager Plus 7200 e inferiores, Asset Explorer 6993 e inferiores y 7xxx 7002 e inferiores, Cloud Security Plus 4161 e inferiores, Data Security Plus 6110 e inferiores, Eventlog Analyzer 12301 y siguientes, Exchange Reporter Plus 5709 y siguientes, Log360 5315 y siguientes, Log360 UEBA 4045 y siguientes, M365 Manager Plus 4529 y siguientes, M365 Security Plus 4529 y siguientes, Recovery Manager Plus 6061 y siguientes, ServiceDesk Plus 14204 y siguientes y 143xx 14302 e inferiores, ServiceDesk Plus MSP 14300 e inferiores, SharePoint Manager Plus 4402 e inferiores, y Support Center Plus 14300 e inferiores son vulnerables a la omisión de 2FA a través de algunos autenticadores TOTP. Nota: Se requiere un par válido de nombre de usuario y contraseña para aprovechar esta vulnerabilidad.\n", }, ], id: "CVE-2023-35785", lastModified: "2024-11-21T08:08:41.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-28T20:15:08.033", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12538 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12538 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.", }, { lang: "es", value: "Se descubrió un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a través del campo de búsqueda SiteLookup.do.", }, ], id: "CVE-2019-12538", lastModified: "2024-11-21T04:23:03.667", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-05T15:29:01.420", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12538", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12538", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-11 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 10.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:*:*:*:*:*:*:*", matchCriteriaId: "1E7DBA6C-3792-4432-BB77-17EE96FF1906", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.", }, { lang: "es", value: "Se detectó un problema en ManageEngine ServiceDesk Plus versión 10.5 de Zoho. Se presenta un problema de tipo XSS por medio del campo de búsqueda WorkOrder.do.", }, ], id: "CVE-2019-12540", lastModified: "2024-11-21T04:23:03.970", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-11T14:15:11.397", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-04-09 18:15
Modified
2024-11-21 05:45
Severity ?
Summary
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-11 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-11 | Exploit, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1:-:*:*:*:*:*:*", matchCriteriaId: "94616708-8F58-4E87-BAE5-73133FE433D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*", matchCriteriaId: "5B4536B5-8263-4D00-A7A4-1B286BB7B311", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*", matchCriteriaId: "24902805-615E-43C2-BB25-911B8D8ADE29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*", matchCriteriaId: "554F4EA8-601E-42C4-A154-150EC217A1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*", matchCriteriaId: "92DFF866-8BF6-416D-BD33-EDA523D1E09C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*", matchCriteriaId: "E4A0EC51-3D07-4227-A157-4CA204FD02BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*", matchCriteriaId: "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*", matchCriteriaId: "D2C44765-DC25-40B9-82D5-AC143821755B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*", matchCriteriaId: "937E95E7-E925-40FC-A112-6DA545EF6584", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*", matchCriteriaId: "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*", matchCriteriaId: "B6B85248-1BD3-4648-B0B3-BD9E98A92A18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*", matchCriteriaId: "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*", matchCriteriaId: "F58D17A3-7395-42CB-A6A1-3362AC37CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*", matchCriteriaId: "98959391-6262-48D6-8546-C42A5D2489C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*", matchCriteriaId: "E07DD7A7-7D58-4615-ABA3-718088A897FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*", matchCriteriaId: "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*", matchCriteriaId: "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*", matchCriteriaId: "0E237ABD-4FB9-4DB9-94CE-69F01727799A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*", matchCriteriaId: "6DEF0341-D42E-4C47-8224-704DD41F7D99", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*", matchCriteriaId: "577B5A33-FC1D-4334-882E-7007CBF264D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*", matchCriteriaId: "E2AEEE6B-0187-4D37-A042-170CBE780127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*", matchCriteriaId: "0070815C-273A-45A7-BD4A-F0A4553D326E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*", matchCriteriaId: "F81E4E47-E8DB-4983-8226-6C5E5A283EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*", matchCriteriaId: "4297FC42-1E40-4AAE-B492-AF29DA0C2979", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*", matchCriteriaId: "04AA8545-FFFF-4731-BBFC-7BF577872F73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*", matchCriteriaId: "D83ACA73-42A4-43CF-B099-9842C935A8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*", matchCriteriaId: "74698925-CD1A-483D-9F72-DF95599E9150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*", matchCriteriaId: "1ADA7A20-BA3C-4537-8FB5-D5538C762790", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*", matchCriteriaId: "E29931D8-5840-4796-92D3-FD30FAC633FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*", matchCriteriaId: "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*", matchCriteriaId: "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*", matchCriteriaId: "2FE60600-A21B-4153-8296-51EAA465CE8A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*", matchCriteriaId: "A14D0484-66C4-4EF5-9601-9E533FD0AAED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*", matchCriteriaId: "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*", matchCriteriaId: "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*", matchCriteriaId: "605575AD-C3C8-43A4-AB03-E9719F792324", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*", matchCriteriaId: "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*", matchCriteriaId: "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*", matchCriteriaId: "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*", matchCriteriaId: "B2733446-DFA8-4B15-A50F-BB6E07D5927E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*", matchCriteriaId: "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*", matchCriteriaId: "744C7BC5-3053-493E-8F1E-52B875EA66F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*", matchCriteriaId: "24444021-610D-4EF2-BB1A-EB70CD2A5F74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*", matchCriteriaId: "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*", matchCriteriaId: "004E66AE-F871-45D1-A47A-F27462167C37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*", matchCriteriaId: "18248546-B217-47A3-8EC1-C71E4358F5B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*", matchCriteriaId: "160FD535-5B72-4182-9828-725BAF335DD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*", matchCriteriaId: "49692C35-49DC-4EE5-B360-16078A94D968", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*", matchCriteriaId: "47A9D8FE-E92F-4136-B212-C42541653781", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*", matchCriteriaId: "A266AC34-BDF8-4D65-82C9-85D69C509BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*", matchCriteriaId: "A2EFEE24-1C21-488E-B286-656D25B758BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*", matchCriteriaId: "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*", matchCriteriaId: "42C571A1-70D4-48DF-8037-31FE362AA7C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*", matchCriteriaId: "768B75E8-7EAE-4AE6-98BB-A90193A678B3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*", matchCriteriaId: "3150232F-41A2-4098-81F9-CEF1A60B2F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*", matchCriteriaId: "7850BA73-70CD-4047-AE49-56C5373E20A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*", matchCriteriaId: "134755A0-28D8-4495-B443-A092C5C0E4EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*", matchCriteriaId: "D4594C2E-E003-4586-BAF8-DC687347EFB3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*", matchCriteriaId: "06A9CD32-A6E3-4BFE-8501-FB63000731D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*", matchCriteriaId: "DBBB3BA2-0FEB-4883-B742-64C478A37B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*", matchCriteriaId: "793E9796-D53B-4293-9ECA-4B6EB8E217F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*", matchCriteriaId: "62244706-A31F-48B8-B35D-C4B0AABAC678", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*", matchCriteriaId: "5DD600F0-DF69-474C-B2ED-8551BF9F25FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*", matchCriteriaId: "9D087887-925B-4D03-A04B-110D59A6BC93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*", matchCriteriaId: "8556C499-F15B-4538-BE38-AD1112917F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*", matchCriteriaId: "9300D81A-196A-4C76-ACC1-FE063E1A8CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*", matchCriteriaId: "A7529CE5-C62D-4676-A2F2-15E76F66BD57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*", matchCriteriaId: "E0C73A49-8143-4C35-95AB-31BB56C80438", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*", matchCriteriaId: "3F1E996E-FB6A-4F65-9A48-52029627AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*", matchCriteriaId: "71BB9EF4-882F-4339-A088-DFD3EE1296D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*", matchCriteriaId: "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*", matchCriteriaId: "977BF207-74F1-4D9D-BFF9-BF63469E260E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*", matchCriteriaId: "1EBB9679-E791-4926-9155-99C894F26EAD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*", matchCriteriaId: "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*", matchCriteriaId: "035C0A12-BB52-448B-8B34-C62083A60917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*", matchCriteriaId: "C74B8E40-88E9-495E-980E-20AA69BE4E26", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*", matchCriteriaId: "CF088327-2D8E-4409-852C-BFF68E6D7449", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*", matchCriteriaId: "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*", matchCriteriaId: "F7738BD7-CA9D-443B-A743-69B96243956B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*", matchCriteriaId: "6801BD3B-5B95-410B-ABD8-3E1729856615", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*", matchCriteriaId: "5F6F567B-E445-45B1-ACB6-C61628F39962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*", matchCriteriaId: "C066567A-E5A2-48CA-8EAF-2919FC499569", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*", matchCriteriaId: "B060B925-FDE8-48B3-BF41-32E828ACC5C6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*", matchCriteriaId: "48C1DC18-3FA3-4709-8251-EB9AD370E529", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*", matchCriteriaId: "8A46CF84-1258-4217-97E1-B387BAA40A09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*", matchCriteriaId: "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*", matchCriteriaId: "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*", matchCriteriaId: "799B4970-767F-4207-AACF-2F1AAE09DE47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*", matchCriteriaId: "068C757A-03A5-4AB2-825F-675028C8E5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*", matchCriteriaId: "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*", matchCriteriaId: "412C04A6-F5FD-4EBB-8FCE-BE489D726352", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*", matchCriteriaId: "842FF39B-7EC2-42AE-8B98-006D8E455A1F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*", matchCriteriaId: "5272F67C-EBCE-46B5-BF68-DB183704BE45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*", matchCriteriaId: "DB4472B8-232E-4700-B376-2006005F0F4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*", matchCriteriaId: "01A82F61-8882-419F-9715-3A636F5FBD5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*", matchCriteriaId: "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*", matchCriteriaId: "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*", matchCriteriaId: "9B2EE162-C6DE-4182-93A0-021A5410E83C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*", matchCriteriaId: "C420A37E-E89A-472D-B605-0943F21C0592", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*", matchCriteriaId: "80BF4466-5244-4238-AD69-66697E5B30B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*", matchCriteriaId: "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*", matchCriteriaId: "72D32098-2C3C-4EA0-BFE0-127DA43DF136", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*", matchCriteriaId: "6CD17130-56ED-4460-844D-B877F7E9EB6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*", matchCriteriaId: "67C76DD0-258A-4D39-8694-0191B608FDCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*", matchCriteriaId: "0522B2B2-5647-46AF-AAAE-F86DDACA790B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*", matchCriteriaId: "524258FD-71A0-4E2D-BE58-2500944EDAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*", matchCriteriaId: "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*", matchCriteriaId: "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*", matchCriteriaId: "907FE1F5-9F3B-4B06-A89D-CA842BB956AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*", matchCriteriaId: "5707EB1A-2D06-4FDE-AC23-4EF391018423", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*", matchCriteriaId: "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*", matchCriteriaId: "DF75E79B-5680-4E72-9597-12C9A32FB075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*", matchCriteriaId: "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*", matchCriteriaId: "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*", matchCriteriaId: "47B69879-E65E-4C31-AC89-C872AF7C7736", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*", matchCriteriaId: "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*", matchCriteriaId: "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*", matchCriteriaId: "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*", matchCriteriaId: "D3177C32-5A5D-44B4-BD9B-A261EE536098", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*", matchCriteriaId: "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*", matchCriteriaId: "68922363-7E1B-42EE-8F29-F19F7AD54F66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*", matchCriteriaId: "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*", matchCriteriaId: "B28D8431-61FF-4943-9EBE-C0C824B9206F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*", matchCriteriaId: "00F9A491-EDBB-4C72-A598-03AD807046AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*", matchCriteriaId: "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*", matchCriteriaId: "789190B8-4EAA-4D57-9B59-D30C2183E3D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*", matchCriteriaId: "0655B57A-0A51-4541-AF81-EBA9E7A200A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*", matchCriteriaId: "CF4F0539-649F-41FD-8BB6-7158183A670C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*", matchCriteriaId: "8DD9A63F-309F-423F-98AB-86007CED2C7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*", matchCriteriaId: "E7389397-03A6-48C6-98AC-7273E3CEF7D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*", matchCriteriaId: "CC5E6061-FC5D-4201-BD39-3862556F4E66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*", matchCriteriaId: "0D33A187-CE61-4A39-8BF7-8A65871C54BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*", matchCriteriaId: "C42C7942-7F44-42A7-882E-D69CB93620E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*", matchCriteriaId: "11FD12A0-12FC-4D45-8F5A-86D039D5194A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*", matchCriteriaId: "A006266D-5686-4867-A9B9-BCAE40B69FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*", matchCriteriaId: "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*", matchCriteriaId: "28144D4F-B106-466E-97FE-95792AF01EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*", matchCriteriaId: "45E23A86-2DFB-419B-AD19-1A63E0D12203", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*", matchCriteriaId: "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*", matchCriteriaId: "2E3824C3-8B4C-4C52-AC13-3911BEE11A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*", matchCriteriaId: "52500AC3-F89B-4A95-8C44-B74DA14EF9F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*", matchCriteriaId: "1A2C7747-9D88-4962-B8F6-0B4309D0F168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*", matchCriteriaId: "E788E5CD-4274-42A1-9974-30E0380D87F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*", matchCriteriaId: "BD942532-B9A1-4F7B-8E1B-C456516E7168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*", matchCriteriaId: "6F16D144-7DDA-4151-8763-FC846BF114EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*", matchCriteriaId: "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*", matchCriteriaId: "B70C28C0-77C2-4A77-8958-A055EB307008", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*", matchCriteriaId: "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*", matchCriteriaId: "BD8C312B-8348-4476-B0C3-1544F2D378F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*", matchCriteriaId: "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*", matchCriteriaId: "2510E11A-992C-4ED7-9338-AF3B7BBA7160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*", matchCriteriaId: "778D0E3E-E77B-44BD-8155-5464405C8691", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*", matchCriteriaId: "D708A96D-F89E-44D0-B655-6A8BD1D08B72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*", matchCriteriaId: "4524947C-3F09-4DC7-BE0E-B695BC4C00EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*", matchCriteriaId: "FA1D85B3-8327-4032-96A1-CF3EAF477160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*", matchCriteriaId: "78B40A2C-6289-4581-AA84-58FF00DF8861", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*", matchCriteriaId: "26C645F1-4C43-4D82-B223-2A037A154466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*", matchCriteriaId: "FA95FDD5-5530-4B25-9702-12A39FF49F65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*", matchCriteriaId: "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*", matchCriteriaId: "27627445-9D74-4A82-80C1-17D32B7FF498", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*", matchCriteriaId: "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*", matchCriteriaId: "3DA73624-42A9-4FB6-B04A-A06AAE3550AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*", matchCriteriaId: "488F83E8-B1C3-4FF9-82AA-6E849146716A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*", matchCriteriaId: "B68BF79E-EBB3-4427-AF00-818368FB2873", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*", matchCriteriaId: "32795B52-2EBE-49D5-9CF2-7809E07D9773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*", matchCriteriaId: "BB5FB7E0-7480-4621-A891-F0B146362068", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*", matchCriteriaId: "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*", matchCriteriaId: "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*", matchCriteriaId: "6939C42F-7B4E-4D63-B2A3-45624307AE05", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*", matchCriteriaId: "61804D75-F80A-4432-9872-3CCF74719AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*", matchCriteriaId: "84B391A6-11E1-4269-8697-1ED54420B4AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*", matchCriteriaId: "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*", matchCriteriaId: "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*", matchCriteriaId: "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*", matchCriteriaId: "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*", matchCriteriaId: "0261CF58-FB52-40F2-AFB2-F48E9D9F3673", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*", matchCriteriaId: "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*", matchCriteriaId: "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*", matchCriteriaId: "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*", matchCriteriaId: "551778C6-7F1F-425F-A6C9-5DB05B0A7079", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*", matchCriteriaId: "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*", matchCriteriaId: "B01B3E70-E529-4152-97B8-98CE35582BE4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*", matchCriteriaId: "81A265ED-AE4A-4458-81D1-CB8D7EE64442", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*", matchCriteriaId: "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*", matchCriteriaId: "9A66E0C6-071B-4211-ADDD-0555222FEBB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*", matchCriteriaId: "A4F3A38F-F263-49C0-BE02-8F8C06E11153", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*", matchCriteriaId: "7995FB82-C17D-40A4-88E7-D2CB2D41F34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*", matchCriteriaId: "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*", matchCriteriaId: "BB66FAC9-E0D2-444E-9568-2556662B008B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*", matchCriteriaId: "EF1F53F4-CAA0-4529-A951-263C5FD00270", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*", matchCriteriaId: "3F1F303C-DBAD-4019-833D-CC92CC3DF32E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*", matchCriteriaId: "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*", matchCriteriaId: "03FA25BC-B64A-4424-B7D3-97644BDF2015", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*", matchCriteriaId: "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*", matchCriteriaId: "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*", matchCriteriaId: "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*", matchCriteriaId: "C410A5F5-2415-4767-B120-80645B211013", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*", matchCriteriaId: "D261E9EC-EFFE-4206-A046-B66DFB8E696C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*", matchCriteriaId: "778FE067-DAE0-483F-8C73-78906F43ED02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*", matchCriteriaId: "5DB32A17-00B0-4424-88CD-C9C9253B14E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*", matchCriteriaId: "F1E09302-1460-4909-8DA7-5904C448CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*", matchCriteriaId: "A4E0DF6C-1980-4634-9A10-740895379369", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*", matchCriteriaId: "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0:*:*:*:*:*:*:*", matchCriteriaId: "0D0D82AD-4041-489A-B6BC-9122A5C4284D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*", matchCriteriaId: "97CABEC7-2B76-4B17-B906-1CB2B49515A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*", matchCriteriaId: "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*", matchCriteriaId: "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", matchCriteriaId: "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", matchCriteriaId: "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", matchCriteriaId: "01754D60-5592-4193-A2DF-4CE12D30CF24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*", matchCriteriaId: "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*", matchCriteriaId: "21DC1DA3-012F-4AF2-B6CA-968E50A503EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*", matchCriteriaId: "9DE94B05-7B6A-4912-8590-D9C1791F9B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", matchCriteriaId: "16C27699-4157-4473-9FB3-01151B3E21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", matchCriteriaId: "F9AC6EC8-E1CA-4889-8AF8-482649CF2139", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", matchCriteriaId: "4186B73E-0E0F-48E1-9A51-B90E228BDA14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*", matchCriteriaId: "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*", matchCriteriaId: "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*", matchCriteriaId: "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*", matchCriteriaId: "1CD8BB75-E9F0-4675-835B-131C1B459138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*", matchCriteriaId: "32CFCFEF-FA96-405A-AF7A-A652371A44F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*", matchCriteriaId: "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*", matchCriteriaId: "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*", matchCriteriaId: "9B48D8ED-0539-402C-92A0-0BE8F88ABA46", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*", matchCriteriaId: "20604986-B662-4553-A481-9AC2979C2871", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*", matchCriteriaId: "FF77ADEA-AC44-49FF-BA41-C130FFD01F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*", matchCriteriaId: "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", matchCriteriaId: "F10A782D-24BB-477D-B828-38FF8C008E85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*", matchCriteriaId: "EF3B542D-DC8F-4717-B0A8-4466BED2D113", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*", matchCriteriaId: "982C13E3-8FFD-4112-8866-76C8318BA394", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*", matchCriteriaId: "300DBEAF-859F-4EBC-919D-0FEDF83CF60F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*", matchCriteriaId: "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*", matchCriteriaId: "E8DF283F-EC49-4930-9319-55562EE1274D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*", matchCriteriaId: "58C762E2-9B16-4398-A130-5F7AE4171C15", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*", matchCriteriaId: "CB6C1D7E-00AA-421F-9937-78A837AD41E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*", matchCriteriaId: "100F898D-525D-4EC1-802D-63BA0EF5690A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*", matchCriteriaId: "259A3358-86C4-49AB-A113-F000AC076497", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*", matchCriteriaId: "897FFAD7-D739-4F54-B496-726DA42D1B53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*", matchCriteriaId: "D7DDEBCC-8375-4209-883C-CBF669F71DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*", matchCriteriaId: "230A0B00-DE83-472A-A6F9-91DEF51C3756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*", matchCriteriaId: "8DB3456E-E1AB-497E-80C4-4B039445146D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*", matchCriteriaId: "B86DFA37-FBBF-46A7-9350-C97A15514290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*", matchCriteriaId: "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "BD81D0B5-4C34-4260-A35C-225BBCA3D71A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "01F753C4-11F6-4F65-8C38-3A308AA577E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "330149F0-BBE4-4890-B1A8-E96666927802", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "D79D1272-025B-40E2-BE9D-141577DC1FD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "725B0345-D7BD-4302-B81A-C17115FF1070", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "2D0E9A21-D7CB-4129-925F-9D3105071FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "01750E0E-29E5-4FFA-8194-813FA363467E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", matchCriteriaId: "298623A4-60DF-41F6-B2FD-ED84E6D2C06C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*", matchCriteriaId: "53E10E88-28AE-4F01-AE6E-C76CB3309F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*", matchCriteriaId: "1909D29B-7532-4C60-9F16-BD310022E2A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", matchCriteriaId: "8B5FA504-BFA4-4740-A3C0-B917AF301E72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*", matchCriteriaId: "2694C1E1-7596-4183-9B09-4BB5BA5C5551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*", matchCriteriaId: "31A7FA61-399B-4778-828C-BB65548966AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*", matchCriteriaId: "E33CAA7E-2F7B-4833-94F6-6C0F607903CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11118:*:*:*:*:*:*", matchCriteriaId: "2B9E544F-F9B0-4B19-977F-3232FB9E2D2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11119:*:*:*:*:*:*", matchCriteriaId: "67FF6912-9756-4858-A424-322AC9996018", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.", }, { lang: "es", value: "Un saneamiento de salida insuficiente en ManageEngine ServiceDesk Plus versiones anteriores a 11200 y ManageEngine AssetExplorer versiones anteriores a 6800, permite a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting (XSS) persistente al cargar un archivo de activos XML diseñado", }, ], id: "CVE-2021-20080", lastModified: "2024-11-21T05:45:53.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-04-09T18:15:13.523", references: [ { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-11", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-30 13:29
Modified
2024-11-21 04:09
Severity ?
Summary
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Mar/58 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Mar/58 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "176FD5D3-E780-4694-82AA-8499DFE64A88", versionEndExcluding: "9403", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.", }, { lang: "es", value: "En Zoho ManageEngine ServiceDesk Plus en versiones anteriores a la 9403, un problema Cross-Site Scripting (XSS) permite que un atacante ejecute código JavaScript arbitrario mediante un URI /api/request/?OPERATION_NAME=, también conocido como SD-69139.", }, ], id: "CVE-2018-5799", lastModified: "2024-11-21T04:09:25.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-30T13:29:00.207", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Mar/58", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2018/Mar/58", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2025-03-27 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*", matchCriteriaId: "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "71CED256-A0EF-4933-AE18-421E37D5DB16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", matchCriteriaId: "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", matchCriteriaId: "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*", matchCriteriaId: "547B3D0E-A042-46D1-9836-0B16843FE97D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*", matchCriteriaId: "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*", matchCriteriaId: "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.", }, ], id: "CVE-2023-23073", lastModified: "2025-03-27T15:15:43.077", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-01T20:15:11.280", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator", }, { source: "cve@mitre.org", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-23 03:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40770.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40770.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "19B93A05-EDB4-4E02-926D-17E967ECBF91", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "B0B75973-355C-447E-BBEA-18459A5736C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*", matchCriteriaId: "7E45A9C9-EE09-493E-AE75-BACCD86B97EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*", matchCriteriaId: "4509077B-AD20-49B3-B23D-A0BC9E7A07E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*", matchCriteriaId: "2B5066A4-D8F9-452D-9686-49B5B33EE326", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*", matchCriteriaId: "A221A081-71CD-437F-9FE2-6A255A816BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*", matchCriteriaId: "883692B3-A95D-46F5-9E52-7694AF30CBAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*", matchCriteriaId: "D3C36A1A-9E47-4343-936A-711C7234D125", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*", matchCriteriaId: "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*", matchCriteriaId: "702DC6C6-7EC3-4897-96E5-4F7DAED23170", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:*", matchCriteriaId: "F4D2A501-3100-484B-A0B9-7BD10DB9D14A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:*", matchCriteriaId: "A2E24BFE-8EA8-4CDF-991B-A005E299518D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "D0647726-47C1-4CF5-91AA-E3E18776842C", versionEndExcluding: "10.6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*", matchCriteriaId: "DD01521E-40B5-46D6-9A29-DABA18F11DFF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*", matchCriteriaId: "877000C8-0405-481D-95CC-72B783457401", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*", matchCriteriaId: "1DC5243C-C10E-46A1-A71E-7E736FC651E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*", matchCriteriaId: "C17D5800-8A5A-44BE-ACE3-6FB21631551C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*", matchCriteriaId: "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*", matchCriteriaId: "C1671DFA-9DAA-41E5-9528-50F63D32FBF1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*", matchCriteriaId: "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*", matchCriteriaId: "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*", matchCriteriaId: "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*", matchCriteriaId: "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*", matchCriteriaId: "3D0F1C6C-878B-4E5E-BE82-1FC0B17CEF3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*", matchCriteriaId: "C40C9186-B510-401C-B934-3432C80A38A1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "791D8E77-1A6B-4739-A6E6-BF91E978144E", versionEndExcluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", matchCriteriaId: "97920D1C-62BA-4B10-9912-C2ED1C1B0313", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", matchCriteriaId: "023C6278-1FF9-4E79-8D95-32BE71701D37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", matchCriteriaId: "34EFB9EF-269E-4A72-8357-2A54E8B78C84", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", matchCriteriaId: "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones 13010 y anteriores son vulnerables a la inyección de comandos autenticados. Esto puede ser aprovechado por usuarios con altos privilegios.", }, ], id: "CVE-2022-40770", lastModified: "2024-11-21T07:22:01.673", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-23T03:15:10.280", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40771.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40771.html | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*", matchCriteriaId: "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "969E1FCF-76A0-40BC-A38F-56FCB713419F", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*", matchCriteriaId: "79342FBF-8F53-4A9D-A021-6748FC42D777", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "298E6401-A9A9-43B6-901F-327944E0AF94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "791D8E77-1A6B-4739-A6E6-BF91E978144E", versionEndExcluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "3AE43EA7-9AA1-4EA7-8840-22BD543A093C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", matchCriteriaId: "97920D1C-62BA-4B10-9912-C2ED1C1B0313", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", matchCriteriaId: "023C6278-1FF9-4E79-8D95-32BE71701D37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", matchCriteriaId: "34EFB9EF-269E-4A72-8357-2A54E8B78C84", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", matchCriteriaId: "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", matchCriteriaId: "258BF334-DE00-472D-BD94-C0DF8CDAF53C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.", }, { lang: "es", value: "Las versiones 13010 y anteriores de Zoho ManageEngine ServiceDesk Plus son vulnerables a un ataque de Entidad Externa XML (XXE) que conduce a la divulgación de información.", }, ], id: "CVE-2022-40771", lastModified: "2024-11-21T07:22:01.860", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-23T18:15:12.307", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2025-03-27 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:-:*:*:*:*:*:*", matchCriteriaId: "F47FA243-5596-4E18-B7FA-F3301F5ADF0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "B0B75973-355C-447E-BBEA-18459A5736C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*", matchCriteriaId: "7E45A9C9-EE09-493E-AE75-BACCD86B97EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*", matchCriteriaId: "4509077B-AD20-49B3-B23D-A0BC9E7A07E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*", matchCriteriaId: "2B5066A4-D8F9-452D-9686-49B5B33EE326", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*", matchCriteriaId: "A221A081-71CD-437F-9FE2-6A255A816BD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*", matchCriteriaId: "883692B3-A95D-46F5-9E52-7694AF30CBAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*", matchCriteriaId: "D3C36A1A-9E47-4343-936A-711C7234D125", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*", matchCriteriaId: "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*", matchCriteriaId: "702DC6C6-7EC3-4897-96E5-4F7DAED23170", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:*", matchCriteriaId: "F4D2A501-3100-484B-A0B9-7BD10DB9D14A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:*", matchCriteriaId: "A2E24BFE-8EA8-4CDF-991B-A005E299518D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13011:*:*:*:*:*:*", matchCriteriaId: "93E24D9D-333B-4EAB-AD78-E568FE2C07EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13012:*:*:*:*:*:*", matchCriteriaId: "CF090E94-1878-400A-8E4E-26F2E1161A2A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.", }, ], id: "CVE-2023-23077", lastModified: "2025-03-27T15:15:43.830", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-01T20:15:12.170", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator", }, { source: "cve@mitre.org", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-05-21 18:29
Modified
2024-11-21 04:22
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.", }, { lang: "es", value: "Fue descubierto un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Existe un XSS a través del campo de búsqueda SearchN.do.", }, ], id: "CVE-2019-12189", lastModified: "2024-11-21T04:22:23.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-05-21T18:29:00.300", references: [ { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tuyenhva/CVE-2019-12189", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tuyenhva/CVE-2019-12189", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 15:15
Modified
2024-11-21 06:31
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1:-:*:*:*:*:*:*", matchCriteriaId: "94616708-8F58-4E87-BAE5-73133FE433D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*", matchCriteriaId: "5B4536B5-8263-4D00-A7A4-1B286BB7B311", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*", matchCriteriaId: "24902805-615E-43C2-BB25-911B8D8ADE29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*", matchCriteriaId: "554F4EA8-601E-42C4-A154-150EC217A1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*", matchCriteriaId: "92DFF866-8BF6-416D-BD33-EDA523D1E09C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*", matchCriteriaId: "E4A0EC51-3D07-4227-A157-4CA204FD02BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*", matchCriteriaId: "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*", matchCriteriaId: "D2C44765-DC25-40B9-82D5-AC143821755B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*", matchCriteriaId: "937E95E7-E925-40FC-A112-6DA545EF6584", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*", matchCriteriaId: "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*", matchCriteriaId: "B6B85248-1BD3-4648-B0B3-BD9E98A92A18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*", matchCriteriaId: "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*", matchCriteriaId: "F58D17A3-7395-42CB-A6A1-3362AC37CD58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*", matchCriteriaId: "98959391-6262-48D6-8546-C42A5D2489C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*", matchCriteriaId: "E07DD7A7-7D58-4615-ABA3-718088A897FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*", matchCriteriaId: "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*", matchCriteriaId: "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*", matchCriteriaId: "0E237ABD-4FB9-4DB9-94CE-69F01727799A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*", matchCriteriaId: "6DEF0341-D42E-4C47-8224-704DD41F7D99", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*", matchCriteriaId: "577B5A33-FC1D-4334-882E-7007CBF264D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*", matchCriteriaId: "E2AEEE6B-0187-4D37-A042-170CBE780127", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*", matchCriteriaId: "0070815C-273A-45A7-BD4A-F0A4553D326E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*", matchCriteriaId: "F81E4E47-E8DB-4983-8226-6C5E5A283EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*", matchCriteriaId: "4297FC42-1E40-4AAE-B492-AF29DA0C2979", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*", matchCriteriaId: "04AA8545-FFFF-4731-BBFC-7BF577872F73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*", matchCriteriaId: "D83ACA73-42A4-43CF-B099-9842C935A8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*", matchCriteriaId: "74698925-CD1A-483D-9F72-DF95599E9150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*", matchCriteriaId: "1ADA7A20-BA3C-4537-8FB5-D5538C762790", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*", matchCriteriaId: "E29931D8-5840-4796-92D3-FD30FAC633FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*", matchCriteriaId: "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*", matchCriteriaId: "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*", matchCriteriaId: "2FE60600-A21B-4153-8296-51EAA465CE8A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*", matchCriteriaId: "A14D0484-66C4-4EF5-9601-9E533FD0AAED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*", matchCriteriaId: "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*", matchCriteriaId: "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*", matchCriteriaId: "605575AD-C3C8-43A4-AB03-E9719F792324", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*", matchCriteriaId: "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*", matchCriteriaId: "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*", matchCriteriaId: "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*", matchCriteriaId: "B2733446-DFA8-4B15-A50F-BB6E07D5927E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*", matchCriteriaId: "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*", matchCriteriaId: "744C7BC5-3053-493E-8F1E-52B875EA66F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*", matchCriteriaId: "24444021-610D-4EF2-BB1A-EB70CD2A5F74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*", matchCriteriaId: "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*", matchCriteriaId: "004E66AE-F871-45D1-A47A-F27462167C37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*", matchCriteriaId: "18248546-B217-47A3-8EC1-C71E4358F5B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*", matchCriteriaId: "160FD535-5B72-4182-9828-725BAF335DD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*", matchCriteriaId: "49692C35-49DC-4EE5-B360-16078A94D968", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*", matchCriteriaId: "47A9D8FE-E92F-4136-B212-C42541653781", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*", matchCriteriaId: "A266AC34-BDF8-4D65-82C9-85D69C509BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*", matchCriteriaId: "A2EFEE24-1C21-488E-B286-656D25B758BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*", matchCriteriaId: "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*", matchCriteriaId: "42C571A1-70D4-48DF-8037-31FE362AA7C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*", matchCriteriaId: "768B75E8-7EAE-4AE6-98BB-A90193A678B3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*", matchCriteriaId: "3150232F-41A2-4098-81F9-CEF1A60B2F5A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*", matchCriteriaId: "7850BA73-70CD-4047-AE49-56C5373E20A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*", matchCriteriaId: "134755A0-28D8-4495-B443-A092C5C0E4EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*", matchCriteriaId: "D4594C2E-E003-4586-BAF8-DC687347EFB3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*", matchCriteriaId: "06A9CD32-A6E3-4BFE-8501-FB63000731D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*", matchCriteriaId: "DBBB3BA2-0FEB-4883-B742-64C478A37B97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*", matchCriteriaId: "793E9796-D53B-4293-9ECA-4B6EB8E217F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*", matchCriteriaId: "62244706-A31F-48B8-B35D-C4B0AABAC678", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*", matchCriteriaId: "5DD600F0-DF69-474C-B2ED-8551BF9F25FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*", matchCriteriaId: "9D087887-925B-4D03-A04B-110D59A6BC93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*", matchCriteriaId: "8556C499-F15B-4538-BE38-AD1112917F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*", matchCriteriaId: "9300D81A-196A-4C76-ACC1-FE063E1A8CC9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*", matchCriteriaId: "A7529CE5-C62D-4676-A2F2-15E76F66BD57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*", matchCriteriaId: "E0C73A49-8143-4C35-95AB-31BB56C80438", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*", matchCriteriaId: "3F1E996E-FB6A-4F65-9A48-52029627AFDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*", matchCriteriaId: "71BB9EF4-882F-4339-A088-DFD3EE1296D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*", matchCriteriaId: "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*", matchCriteriaId: "977BF207-74F1-4D9D-BFF9-BF63469E260E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*", matchCriteriaId: "1EBB9679-E791-4926-9155-99C894F26EAD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*", matchCriteriaId: "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*", matchCriteriaId: "035C0A12-BB52-448B-8B34-C62083A60917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*", matchCriteriaId: "C74B8E40-88E9-495E-980E-20AA69BE4E26", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*", matchCriteriaId: "CF088327-2D8E-4409-852C-BFF68E6D7449", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*", matchCriteriaId: "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*", matchCriteriaId: "F7738BD7-CA9D-443B-A743-69B96243956B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*", matchCriteriaId: "6801BD3B-5B95-410B-ABD8-3E1729856615", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*", matchCriteriaId: "5F6F567B-E445-45B1-ACB6-C61628F39962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*", matchCriteriaId: "C066567A-E5A2-48CA-8EAF-2919FC499569", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*", matchCriteriaId: "B060B925-FDE8-48B3-BF41-32E828ACC5C6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*", matchCriteriaId: "48C1DC18-3FA3-4709-8251-EB9AD370E529", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*", matchCriteriaId: "8A46CF84-1258-4217-97E1-B387BAA40A09", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*", matchCriteriaId: "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*", matchCriteriaId: "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*", matchCriteriaId: "799B4970-767F-4207-AACF-2F1AAE09DE47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*", matchCriteriaId: "068C757A-03A5-4AB2-825F-675028C8E5C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*", matchCriteriaId: "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*", matchCriteriaId: "412C04A6-F5FD-4EBB-8FCE-BE489D726352", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*", matchCriteriaId: "842FF39B-7EC2-42AE-8B98-006D8E455A1F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*", matchCriteriaId: "5272F67C-EBCE-46B5-BF68-DB183704BE45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*", matchCriteriaId: "DB4472B8-232E-4700-B376-2006005F0F4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*", matchCriteriaId: "01A82F61-8882-419F-9715-3A636F5FBD5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*", matchCriteriaId: "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*", matchCriteriaId: "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*", matchCriteriaId: "9B2EE162-C6DE-4182-93A0-021A5410E83C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*", matchCriteriaId: "C420A37E-E89A-472D-B605-0943F21C0592", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*", matchCriteriaId: "80BF4466-5244-4238-AD69-66697E5B30B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*", matchCriteriaId: "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*", matchCriteriaId: "72D32098-2C3C-4EA0-BFE0-127DA43DF136", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*", matchCriteriaId: "6CD17130-56ED-4460-844D-B877F7E9EB6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*", matchCriteriaId: "67C76DD0-258A-4D39-8694-0191B608FDCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*", matchCriteriaId: "0522B2B2-5647-46AF-AAAE-F86DDACA790B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*", matchCriteriaId: "524258FD-71A0-4E2D-BE58-2500944EDAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*", matchCriteriaId: "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*", matchCriteriaId: "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*", matchCriteriaId: "907FE1F5-9F3B-4B06-A89D-CA842BB956AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*", matchCriteriaId: "5707EB1A-2D06-4FDE-AC23-4EF391018423", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*", matchCriteriaId: "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*", matchCriteriaId: "DF75E79B-5680-4E72-9597-12C9A32FB075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*", matchCriteriaId: "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*", matchCriteriaId: "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*", matchCriteriaId: "47B69879-E65E-4C31-AC89-C872AF7C7736", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*", matchCriteriaId: "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*", matchCriteriaId: "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*", matchCriteriaId: "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*", matchCriteriaId: "D3177C32-5A5D-44B4-BD9B-A261EE536098", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*", matchCriteriaId: "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*", matchCriteriaId: "68922363-7E1B-42EE-8F29-F19F7AD54F66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*", matchCriteriaId: "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*", matchCriteriaId: "B28D8431-61FF-4943-9EBE-C0C824B9206F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*", matchCriteriaId: "00F9A491-EDBB-4C72-A598-03AD807046AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*", matchCriteriaId: "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*", matchCriteriaId: "789190B8-4EAA-4D57-9B59-D30C2183E3D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*", matchCriteriaId: "0655B57A-0A51-4541-AF81-EBA9E7A200A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*", matchCriteriaId: "CF4F0539-649F-41FD-8BB6-7158183A670C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*", matchCriteriaId: "8DD9A63F-309F-423F-98AB-86007CED2C7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*", matchCriteriaId: "E7389397-03A6-48C6-98AC-7273E3CEF7D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*", matchCriteriaId: "CC5E6061-FC5D-4201-BD39-3862556F4E66", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*", matchCriteriaId: "0D33A187-CE61-4A39-8BF7-8A65871C54BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*", matchCriteriaId: "C42C7942-7F44-42A7-882E-D69CB93620E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*", matchCriteriaId: "11FD12A0-12FC-4D45-8F5A-86D039D5194A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*", matchCriteriaId: "A006266D-5686-4867-A9B9-BCAE40B69FAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*", matchCriteriaId: "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*", matchCriteriaId: "28144D4F-B106-466E-97FE-95792AF01EEE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*", matchCriteriaId: "45E23A86-2DFB-419B-AD19-1A63E0D12203", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*", matchCriteriaId: "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*", matchCriteriaId: "2E3824C3-8B4C-4C52-AC13-3911BEE11A45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*", matchCriteriaId: "52500AC3-F89B-4A95-8C44-B74DA14EF9F2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*", matchCriteriaId: "1A2C7747-9D88-4962-B8F6-0B4309D0F168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*", matchCriteriaId: "E788E5CD-4274-42A1-9974-30E0380D87F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*", matchCriteriaId: "BD942532-B9A1-4F7B-8E1B-C456516E7168", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*", matchCriteriaId: "6F16D144-7DDA-4151-8763-FC846BF114EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*", matchCriteriaId: "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*", matchCriteriaId: "B70C28C0-77C2-4A77-8958-A055EB307008", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*", matchCriteriaId: "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*", matchCriteriaId: "BD8C312B-8348-4476-B0C3-1544F2D378F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*", matchCriteriaId: "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*", matchCriteriaId: "2510E11A-992C-4ED7-9338-AF3B7BBA7160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*", matchCriteriaId: "778D0E3E-E77B-44BD-8155-5464405C8691", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*", matchCriteriaId: "D708A96D-F89E-44D0-B655-6A8BD1D08B72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*", matchCriteriaId: "4524947C-3F09-4DC7-BE0E-B695BC4C00EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*", matchCriteriaId: "FA1D85B3-8327-4032-96A1-CF3EAF477160", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*", matchCriteriaId: "78B40A2C-6289-4581-AA84-58FF00DF8861", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*", matchCriteriaId: "26C645F1-4C43-4D82-B223-2A037A154466", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*", matchCriteriaId: "FA95FDD5-5530-4B25-9702-12A39FF49F65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*", matchCriteriaId: "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*", matchCriteriaId: "27627445-9D74-4A82-80C1-17D32B7FF498", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*", matchCriteriaId: "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*", matchCriteriaId: "3DA73624-42A9-4FB6-B04A-A06AAE3550AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*", matchCriteriaId: "488F83E8-B1C3-4FF9-82AA-6E849146716A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*", matchCriteriaId: "B68BF79E-EBB3-4427-AF00-818368FB2873", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*", matchCriteriaId: "32795B52-2EBE-49D5-9CF2-7809E07D9773", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*", matchCriteriaId: "BB5FB7E0-7480-4621-A891-F0B146362068", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*", matchCriteriaId: "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*", matchCriteriaId: "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*", matchCriteriaId: "6939C42F-7B4E-4D63-B2A3-45624307AE05", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*", matchCriteriaId: "61804D75-F80A-4432-9872-3CCF74719AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*", matchCriteriaId: "84B391A6-11E1-4269-8697-1ED54420B4AB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*", matchCriteriaId: "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*", matchCriteriaId: "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*", matchCriteriaId: "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*", matchCriteriaId: "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*", matchCriteriaId: "0261CF58-FB52-40F2-AFB2-F48E9D9F3673", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*", matchCriteriaId: "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*", matchCriteriaId: "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*", matchCriteriaId: "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*", matchCriteriaId: "551778C6-7F1F-425F-A6C9-5DB05B0A7079", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*", matchCriteriaId: "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*", matchCriteriaId: "B01B3E70-E529-4152-97B8-98CE35582BE4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*", matchCriteriaId: "81A265ED-AE4A-4458-81D1-CB8D7EE64442", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*", matchCriteriaId: "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*", matchCriteriaId: "9A66E0C6-071B-4211-ADDD-0555222FEBB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*", matchCriteriaId: "A4F3A38F-F263-49C0-BE02-8F8C06E11153", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*", matchCriteriaId: "7995FB82-C17D-40A4-88E7-D2CB2D41F34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*", matchCriteriaId: "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*", matchCriteriaId: "BB66FAC9-E0D2-444E-9568-2556662B008B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*", matchCriteriaId: "EF1F53F4-CAA0-4529-A951-263C5FD00270", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*", matchCriteriaId: "3F1F303C-DBAD-4019-833D-CC92CC3DF32E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*", matchCriteriaId: "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*", matchCriteriaId: "03FA25BC-B64A-4424-B7D3-97644BDF2015", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*", matchCriteriaId: "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*", matchCriteriaId: "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*", matchCriteriaId: "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*", matchCriteriaId: "C410A5F5-2415-4767-B120-80645B211013", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*", matchCriteriaId: "D261E9EC-EFFE-4206-A046-B66DFB8E696C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*", matchCriteriaId: "778FE067-DAE0-483F-8C73-78906F43ED02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*", matchCriteriaId: "5DB32A17-00B0-4424-88CD-C9C9253B14E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*", matchCriteriaId: "F1E09302-1460-4909-8DA7-5904C448CA3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*", matchCriteriaId: "A4E0DF6C-1980-4634-9A10-740895379369", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*", matchCriteriaId: "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0:*:*:*:*:*:*:*", matchCriteriaId: "0D0D82AD-4041-489A-B6BC-9122A5C4284D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*", matchCriteriaId: "97CABEC7-2B76-4B17-B906-1CB2B49515A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*", matchCriteriaId: "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*", matchCriteriaId: "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", matchCriteriaId: "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", matchCriteriaId: "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", matchCriteriaId: "01754D60-5592-4193-A2DF-4CE12D30CF24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*", matchCriteriaId: "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*", matchCriteriaId: "21DC1DA3-012F-4AF2-B6CA-968E50A503EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*", matchCriteriaId: "9DE94B05-7B6A-4912-8590-D9C1791F9B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", matchCriteriaId: "16C27699-4157-4473-9FB3-01151B3E21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", matchCriteriaId: "F9AC6EC8-E1CA-4889-8AF8-482649CF2139", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", matchCriteriaId: "4186B73E-0E0F-48E1-9A51-B90E228BDA14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*", matchCriteriaId: "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*", matchCriteriaId: "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*", matchCriteriaId: "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*", matchCriteriaId: "1CD8BB75-E9F0-4675-835B-131C1B459138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*", matchCriteriaId: "32CFCFEF-FA96-405A-AF7A-A652371A44F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*", matchCriteriaId: "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*", matchCriteriaId: "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*", matchCriteriaId: "9B48D8ED-0539-402C-92A0-0BE8F88ABA46", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*", matchCriteriaId: "20604986-B662-4553-A481-9AC2979C2871", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*", matchCriteriaId: "FF77ADEA-AC44-49FF-BA41-C130FFD01F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*", matchCriteriaId: "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", matchCriteriaId: "F10A782D-24BB-477D-B828-38FF8C008E85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*", matchCriteriaId: "EF3B542D-DC8F-4717-B0A8-4466BED2D113", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*", matchCriteriaId: "982C13E3-8FFD-4112-8866-76C8318BA394", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*", matchCriteriaId: "300DBEAF-859F-4EBC-919D-0FEDF83CF60F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*", matchCriteriaId: "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*", matchCriteriaId: "E8DF283F-EC49-4930-9319-55562EE1274D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*", matchCriteriaId: "58C762E2-9B16-4398-A130-5F7AE4171C15", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*", matchCriteriaId: "CB6C1D7E-00AA-421F-9937-78A837AD41E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*", matchCriteriaId: "100F898D-525D-4EC1-802D-63BA0EF5690A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*", matchCriteriaId: "259A3358-86C4-49AB-A113-F000AC076497", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*", matchCriteriaId: "897FFAD7-D739-4F54-B496-726DA42D1B53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*", matchCriteriaId: "D7DDEBCC-8375-4209-883C-CBF669F71DBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*", matchCriteriaId: "230A0B00-DE83-472A-A6F9-91DEF51C3756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*", matchCriteriaId: "8DB3456E-E1AB-497E-80C4-4B039445146D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*", matchCriteriaId: "B86DFA37-FBBF-46A7-9350-C97A15514290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*", matchCriteriaId: "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10515:*:*:*:*:*:*", matchCriteriaId: "F83D794D-0078-4862-9313-AEE75AC32978", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "BD81D0B5-4C34-4260-A35C-225BBCA3D71A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "01F753C4-11F6-4F65-8C38-3A308AA577E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "330149F0-BBE4-4890-B1A8-E96666927802", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "D79D1272-025B-40E2-BE9D-141577DC1FD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "725B0345-D7BD-4302-B81A-C17115FF1070", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "2D0E9A21-D7CB-4129-925F-9D3105071FF2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "01750E0E-29E5-4FFA-8194-813FA363467E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "D8774F16-1A2C-4A91-B132-DE8B1D29DB43", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "1235545F-4C33-4636-9B71-3321B72204F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", matchCriteriaId: "298623A4-60DF-41F6-B2FD-ED84E6D2C06C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*", matchCriteriaId: "53E10E88-28AE-4F01-AE6E-C76CB3309F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*", matchCriteriaId: "1909D29B-7532-4C60-9F16-BD310022E2A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", matchCriteriaId: "8B5FA504-BFA4-4740-A3C0-B917AF301E72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*", matchCriteriaId: "2694C1E1-7596-4183-9B09-4BB5BA5C5551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*", matchCriteriaId: "31A7FA61-399B-4778-828C-BB65548966AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*", matchCriteriaId: "E33CAA7E-2F7B-4833-94F6-6C0F607903CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*", matchCriteriaId: "81D5E4BB-41F6-46B7-98C7-43DE55785496", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*", matchCriteriaId: "8400D7D8-D03D-4A5C-B533-A640A648238D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*", matchCriteriaId: "21E4107F-A0DC-4A53-9352-A442B563599C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*", matchCriteriaId: "42B90217-2981-4B2A-BB29-BF36F4C1494F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*", matchCriteriaId: "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*", matchCriteriaId: "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*", matchCriteriaId: "9E480891-A40B-4184-B06D-26EC583FBA41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*", matchCriteriaId: "8D8905CE-F981-4034-8193-533A4930D518", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*", matchCriteriaId: "79FBA595-2CDC-45E8-8840-34D17F09A5FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*", matchCriteriaId: "D462AC9D-8731-49D9-A760-5013B496C8C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*", matchCriteriaId: "332AB05B-3DC2-493F-8DB8-7DA93531D9BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*", matchCriteriaId: "A9ED77FC-F359-48AA-8A48-4009B25992D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*", matchCriteriaId: "98C4DC91-985F-413E-9F6F-27E93C1125E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*", matchCriteriaId: "6841D87A-97FD-415B-931C-6407A36A1E96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*", matchCriteriaId: "D1C4B37D-6983-430C-91C5-635D7EF51A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*", matchCriteriaId: "4E959106-3183-4D8A-888D-6379DC33234D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11134:*:*:*:*:*:*", matchCriteriaId: "72C74691-300E-4CD7-AD57-594586B12669", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11135:*:*:*:*:*:*", matchCriteriaId: "1F60565E-3BDA-4BE3-B013-1BF4469B8B1B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11136:*:*:*:*:*:*", matchCriteriaId: "6BD8A92A-AC27-4914-B36D-94829478D47A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11137:*:*:*:*:*:*", matchCriteriaId: "7ED4E888-2EFA-4F7F-9503-59F34FF720D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*", matchCriteriaId: "106A06E5-56E8-41D3-A059-7DA6737DABAE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*", matchCriteriaId: "401AEAD2-183D-4E55-94AD-D24A9BE46D61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*", matchCriteriaId: "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*", matchCriteriaId: "417D6E6A-C16A-4A76-8D65-31340834233E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*", matchCriteriaId: "1A040A5B-8C2A-4557-AB5E-1427B0F1E889", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*", matchCriteriaId: "207A81A8-02EF-4793-B047-46581BF7E60B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*", matchCriteriaId: "194BEECD-F877-4D28-A534-E965D69C9EB9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*", matchCriteriaId: "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11146:*:*:*:*:*:*", matchCriteriaId: "3F596CC7-20D0-4C88-9184-B5814ECB2E96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11147:*:*:*:*:*:*", matchCriteriaId: "A8DD80CE-37AF-4EBB-8213-7A388CB38C8A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11118:*:*:*:*:*:*", matchCriteriaId: "2B9E544F-F9B0-4B19-977F-3232FB9E2D2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11119:*:*:*:*:*:*", matchCriteriaId: "67FF6912-9756-4858-A424-322AC9996018", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11120:*:*:*:*:*:*", matchCriteriaId: "138FA16F-7164-47C2-8AD7-273A73D10DD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11121:*:*:*:*:*:*", matchCriteriaId: "4160EAF2-DD38-4B93-871A-52D546B52F38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11122:*:*:*:*:*:*", matchCriteriaId: "04553055-32E7-47AA-B7AE-D32AC0B6F778", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11123:*:*:*:*:*:*", matchCriteriaId: "7BD4A89D-CA7A-444E-AAC3-B10F4070231A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11124:*:*:*:*:*:*", matchCriteriaId: "686E8E20-BF86-4E3E-8D94-35D762D42DD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11125:*:*:*:*:*:*", matchCriteriaId: "84581E5D-5E93-49AC-BF7B-034AC0C79801", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11126:*:*:*:*:*:*", matchCriteriaId: "C69A7EAC-F01B-4EEF-A7CE-C3234BAC0AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11127:*:*:*:*:*:*", matchCriteriaId: "3EC36761-7620-433B-A08D-F5AA700F0CC3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11128:*:*:*:*:*:*", matchCriteriaId: "ED25C1C4-2CB5-4895-BCC8-235B1136480A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11129:*:*:*:*:*:*", matchCriteriaId: "FCD1128E-6CF1-41EA-BC9B-8CD72F68694D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11130:*:*:*:*:*:*", matchCriteriaId: "B9F2B0B2-B317-4211-A7D6-1F7D0ED29FA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11131:*:*:*:*:*:*", matchCriteriaId: "2655E19A-4899-450B-B5CE-239962512F95", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11132:*:*:*:*:*:*", matchCriteriaId: "121210A6-F8DA-4C55-B6D1-EAA521692112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11133:*:*:*:*:*:*", matchCriteriaId: "CBDFE981-6BF7-414A-8D15-CC8019504E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11134:*:*:*:*:*:*", matchCriteriaId: "40EF9276-1770-4DD9-9AA9-EAD350AA9894", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11135:*:*:*:*:*:*", matchCriteriaId: "AF6F3EB6-B32D-4963-9BA1-0DCCD0AFD165", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11136:*:*:*:*:*:*", matchCriteriaId: "C48B79D4-2033-49AB-80EC-46AB66E6594A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11137:*:*:*:*:*:*", matchCriteriaId: "346F65B2-2BB0-4CE1-9E75-4AA227C62333", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11138:*:*:*:*:*:*", matchCriteriaId: "628A777B-3E19-473D-880B-60A76044ECD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11139:*:*:*:*:*:*", matchCriteriaId: "6A3F477B-E1E0-4E43-AD86-D7B2C9F368D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11140:*:*:*:*:*:*", matchCriteriaId: "A1493E55-D2D0-49AC-8A7C-9A60F676A1A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11141:*:*:*:*:*:*", matchCriteriaId: "5672C8D3-AE5C-4187-B6E1-2C8B5907A98E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11142:*:*:*:*:*:*", matchCriteriaId: "EB92812B-F3DD-4D9F-A522-D0C3AC84FE7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11143:*:*:*:*:*:*", matchCriteriaId: "EAE12731-2F0B-4C85-9795-BC2A7CB7932A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11144:*:*:*:*:*:*", matchCriteriaId: "0833A240-767B-46CF-B67C-52D3E89EE6BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*", matchCriteriaId: "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*", matchCriteriaId: "7D130762-4B49-4089-99A1-FEFD6B76AB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*", matchCriteriaId: "CDC33E6B-81E2-4A15-8889-2CD709CF5E45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*", matchCriteriaId: "E08A077E-B1AA-432A-B37A-AA603C8CD1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*", matchCriteriaId: "69B73464-8627-4CCE-93CE-B312A9D7B35C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*", matchCriteriaId: "51839FBE-A7E1-40FD-B44B-F9C8CA62E063", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*", matchCriteriaId: "7BE9BFCC-04AB-4053-949C-B2860E7E43B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*", matchCriteriaId: "A2062399-67EA-4368-9629-60E4A59DDB29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*", matchCriteriaId: "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*", matchCriteriaId: "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*", matchCriteriaId: "DEE7D305-0FA5-4126-A585-4FC1162AFA29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*", matchCriteriaId: "05376518-DE14-45F7-9B60-F4B4CF7BD7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*", matchCriteriaId: "7FB2885F-308D-4AAC-9CD3-53150CC81C1F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*", matchCriteriaId: "22068496-B157-406D-A78F-2C649005383A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*", matchCriteriaId: "463B586A-C9C7-4516-B3CF-FB9688D4951E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*", matchCriteriaId: "4C7D5AD4-F48A-4BFC-9BAB-DE046E6FD240", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*", matchCriteriaId: "E668E9E6-D20F-43BE-BEDE-A2B785359A2A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:-:*:*:*:*:*:*", matchCriteriaId: "7C2035DC-3D54-4D0A-B18A-8D5FAA15CF45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*", matchCriteriaId: "188135EF-9821-4325-A34F-AB6F430F5DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*", matchCriteriaId: "DC971E05-D69B-4688-861D-3D6357726CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*", matchCriteriaId: "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*", matchCriteriaId: "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*", matchCriteriaId: "360C0396-E928-4FCB-BAD3-6246A3BCEE37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*", matchCriteriaId: "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11306:*:*:*:*:*:*", matchCriteriaId: "B2DB18CB-A6BB-46FC-B869-44D7ACC2470D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11307:*:*:*:*:*:*", matchCriteriaId: "DEFF58D3-26D4-4ADF-AAD2-0DB622B2BBDB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11308:*:*:*:*:*:*", matchCriteriaId: "CE4567D6-E5DA-48B0-A98C-85C834C43AD4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11309:*:*:*:*:*:*", matchCriteriaId: "36502AA9-7B95-4A7E-99D4-52249D9FDF35", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12000:*:*:*:*:*:*", matchCriteriaId: "EBA1584D-1B5D-4734-9B60-F24BC2D82D57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12001:*:*:*:*:*:*", matchCriteriaId: "68E040B2-D2D8-4AA3-B362-7A2871C58E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12002:*:*:*:*:*:*", matchCriteriaId: "456CB186-7917-4CE0-A810-7BDD32391AE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticación en determinadas configuraciones de administración", }, ], id: "CVE-2021-44526", lastModified: "2024-11-21T06:31:09.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T15:15:07.700", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2025-03-27 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*", matchCriteriaId: "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "71CED256-A0EF-4933-AE18-421E37D5DB16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", matchCriteriaId: "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", matchCriteriaId: "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*", matchCriteriaId: "547B3D0E-A042-46D1-9836-0B16843FE97D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*", matchCriteriaId: "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*", matchCriteriaId: "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.", }, ], id: "CVE-2023-23078", lastModified: "2025-03-27T15:15:44.027", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-01T20:15:12.377", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator", }, { source: "cve@mitre.org", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-14 15:15
Modified
2024-11-21 04:27
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "1A1FD0ED-99AD-4B1D-8111-A01A98C2A374", versionEndExcluding: "10509", versionStartIncluding: "10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus 10 anteriores a la versión 10509, permite el filtrado de información confidencial no autenticada durante la replicación de Fail Over Service (FOS), también se conoce como SD-79989.", }, ], id: "CVE-2019-15046", lastModified: "2024-11-21T04:27:56.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-14T15:15:12.800", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/37", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html#10509", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/37", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html#10509", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-287", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-29 14:15
Modified
2024-11-21 06:05
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | Broken Link | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", matchCriteriaId: "F10A782D-24BB-477D-B828-38FF8C008E85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "D82A926C-EDD8-4540-B6D0-695A16686511", versionEndExcluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*", matchCriteriaId: "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*", matchCriteriaId: "860EBABC-B252-4C73-97C6-57A67ED94492", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*", matchCriteriaId: "71E4F529-B091-4565-B024-185174483A70", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*", matchCriteriaId: "FADCF801-93E0-430B-BD14-092ACE960D05", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*", matchCriteriaId: "97CD568D-AF18-42E7-8357-9AE2B279BEE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*", matchCriteriaId: "9EB715EE-313B-4D62-A345-C4F7EB7C3DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*", matchCriteriaId: "B965016B-7584-4661-A8F3-C8EA3DB1E94C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*", matchCriteriaId: "DCF7199B-A66E-425B-9614-D8256C4C828D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*", matchCriteriaId: "81F583C7-CB76-430A-A7AC-F3E727E0A26D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*", matchCriteriaId: "F33A3E84-F73B-4797-8A97-3F10F77BD631", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*", matchCriteriaId: "724284CA-51FE-46E8-B90E-99C53615901B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*", matchCriteriaId: "8342A66C-4C0B-4FAE-987A-276CE126724B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*", matchCriteriaId: "39C638A3-C8A1-4C2A-9B8F-39339F5674CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*", matchCriteriaId: "7BB0CD9F-5459-44A7-9AD1-A70D3208369B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*", matchCriteriaId: "7399A6B2-B0F2-4898-AC04-E50B508EA495", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*", matchCriteriaId: "7793C1AC-38FA-4B31-BB78-004A519DD4A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*", matchCriteriaId: "7C30D050-4BDC-46E6-819E-49898AD56BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*", matchCriteriaId: "AB7D8E3B-30C3-44C5-90B7-561F4E09830E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*", matchCriteriaId: "33960952-4461-4502-A2B5-364E22C96824", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*", matchCriteriaId: "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*", matchCriteriaId: "AD1A9B14-02F0-4674-9032-73778271CACB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, permite a un atacante acceder a datos internos", }, ], id: "CVE-2021-31160", lastModified: "2024-11-21T06:05:12.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-29T14:15:08.383", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk-msp/readme.html#10521", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-11-29 04:15
Modified
2025-03-14 16:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
References
Impacted products
{ cisaActionDue: "2021-12-15", cisaExploitAdd: "2021-12-01", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*", matchCriteriaId: "106A06E5-56E8-41D3-A059-7DA6737DABAE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*", matchCriteriaId: "401AEAD2-183D-4E55-94AD-D24A9BE46D61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*", matchCriteriaId: "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*", matchCriteriaId: "417D6E6A-C16A-4A76-8D65-31340834233E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*", matchCriteriaId: "1A040A5B-8C2A-4557-AB5E-1427B0F1E889", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*", matchCriteriaId: "207A81A8-02EF-4793-B047-46581BF7E60B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*", matchCriteriaId: "194BEECD-F877-4D28-A534-E965D69C9EB9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*", matchCriteriaId: "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*", matchCriteriaId: "7D130762-4B49-4089-99A1-FEFD6B76AB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*", matchCriteriaId: "CDC33E6B-81E2-4A15-8889-2CD709CF5E45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*", matchCriteriaId: "E08A077E-B1AA-432A-B37A-AA603C8CD1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*", matchCriteriaId: "69B73464-8627-4CCE-93CE-B312A9D7B35C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*", matchCriteriaId: "51839FBE-A7E1-40FD-B44B-F9C8CA62E063", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*", matchCriteriaId: "7BE9BFCC-04AB-4053-949C-B2860E7E43B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*", matchCriteriaId: "A2062399-67EA-4368-9629-60E4A59DDB29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*", matchCriteriaId: "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*", matchCriteriaId: "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*", matchCriteriaId: "DEE7D305-0FA5-4126-A585-4FC1162AFA29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*", matchCriteriaId: "05376518-DE14-45F7-9B60-F4B4CF7BD7A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*", matchCriteriaId: "7FB2885F-308D-4AAC-9CD3-53150CC81C1F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*", matchCriteriaId: "188135EF-9821-4325-A34F-AB6F430F5DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*", matchCriteriaId: "DC971E05-D69B-4688-861D-3D6357726CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*", matchCriteriaId: "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*", matchCriteriaId: "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*", matchCriteriaId: "360C0396-E928-4FCB-BAD3-6246A3BCEE37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*", matchCriteriaId: "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "702877AB-4E70-4E11-BBBF-F3B9670C39FB", versionEndIncluding: "10.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*", matchCriteriaId: "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*", matchCriteriaId: "860EBABC-B252-4C73-97C6-57A67ED94492", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*", matchCriteriaId: "71E4F529-B091-4565-B024-185174483A70", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*", matchCriteriaId: "FADCF801-93E0-430B-BD14-092ACE960D05", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*", matchCriteriaId: "97CD568D-AF18-42E7-8357-9AE2B279BEE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*", matchCriteriaId: "9EB715EE-313B-4D62-A345-C4F7EB7C3DED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*", matchCriteriaId: "B965016B-7584-4661-A8F3-C8EA3DB1E94C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*", matchCriteriaId: "DCF7199B-A66E-425B-9614-D8256C4C828D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*", matchCriteriaId: "81F583C7-CB76-430A-A7AC-F3E727E0A26D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*", matchCriteriaId: "F33A3E84-F73B-4797-8A97-3F10F77BD631", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*", matchCriteriaId: "724284CA-51FE-46E8-B90E-99C53615901B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*", matchCriteriaId: "8342A66C-4C0B-4FAE-987A-276CE126724B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*", matchCriteriaId: "39C638A3-C8A1-4C2A-9B8F-39339F5674CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*", matchCriteriaId: "7BB0CD9F-5459-44A7-9AD1-A70D3208369B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*", matchCriteriaId: "7399A6B2-B0F2-4898-AC04-E50B508EA495", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*", matchCriteriaId: "7793C1AC-38FA-4B31-BB78-004A519DD4A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*", matchCriteriaId: "7C30D050-4BDC-46E6-819E-49898AD56BFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*", matchCriteriaId: "AB7D8E3B-30C3-44C5-90B7-561F4E09830E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*", matchCriteriaId: "33960952-4461-4502-A2B5-364E22C96824", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*", matchCriteriaId: "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*", matchCriteriaId: "AD1A9B14-02F0-4674-9032-73778271CACB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*", matchCriteriaId: "9F64234B-85F7-45FE-9308-5C45F95EC4AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*", matchCriteriaId: "9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*", matchCriteriaId: "1758E31C-9AD6-480F-B425-EA7776CDA1F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*", matchCriteriaId: "9506206D-1914-4FDD-AD81-5DACC07B6990", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*", matchCriteriaId: "79283836-E9D6-4C54-9E3D-40FB586B9071", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*", matchCriteriaId: "6AA91D46-40E8-4019-B993-80CFAC548F79", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*", matchCriteriaId: "7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*", matchCriteriaId: "8EDCDA56-54A1-4D94-96FD-AD1064E15767", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*", matchCriteriaId: "1A3E96BB-0EF9-4DAC-84EB-7496F7293D71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "BBD6428C-9132-46B0-849B-DDDFA23B1C2B", versionEndIncluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto está relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuración de Struts", }, ], id: "CVE-2021-44077", lastModified: "2025-03-14T16:48:14.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2021-11-29T04:15:06.737", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12543 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12543 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.", }, { lang: "es", value: "Se descubrió un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a través del parámetro PurchaseRequest.do serviceRequestId.", }, ], id: "CVE-2019-12543", lastModified: "2024-11-21T04:23:04.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-05T15:29:01.810", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12543", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-14 14:15
Modified
2024-11-21 04:28
Severity ?
Summary
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48473 | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48473 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*", matchCriteriaId: "97CABEC7-2B76-4B17-B906-1CB2B49515A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*", matchCriteriaId: "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*", matchCriteriaId: "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", matchCriteriaId: "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", matchCriteriaId: "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", matchCriteriaId: "01754D60-5592-4193-A2DF-4CE12D30CF24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*", matchCriteriaId: "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*", matchCriteriaId: "21DC1DA3-012F-4AF2-B6CA-968E50A503EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*", matchCriteriaId: "9DE94B05-7B6A-4912-8590-D9C1791F9B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", matchCriteriaId: "16C27699-4157-4473-9FB3-01151B3E21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", matchCriteriaId: "F9AC6EC8-E1CA-4889-8AF8-482649CF2139", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", matchCriteriaId: "4186B73E-0E0F-48E1-9A51-B90E228BDA14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*", matchCriteriaId: "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*", matchCriteriaId: "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*", matchCriteriaId: "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*", matchCriteriaId: "1CD8BB75-E9F0-4675-835B-131C1B459138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*", matchCriteriaId: "32CFCFEF-FA96-405A-AF7A-A652371A44F9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*", matchCriteriaId: "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*", matchCriteriaId: "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*", matchCriteriaId: "9B48D8ED-0539-402C-92A0-0BE8F88ABA46", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*", matchCriteriaId: "20604986-B662-4553-A481-9AC2979C2871", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*", matchCriteriaId: "FF77ADEA-AC44-49FF-BA41-C130FFD01F30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*", matchCriteriaId: "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home > Server > <workstation> > software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.", }, { lang: "es", value: "Las instalaciones predeterminadas de Zoho ManageEngine ServiceDesk Plus versiones 10.0 anteriores a 10500, son vulnerables un ataque de tipo XSS inyectado por un administrador local de la estación de trabajo. Usando los nombres de los programas instalados de la computadora como un vector, el administrador local puede ejecutar el código en el lado del administrador de Manage Engine ServiceDesk. En \"Asset Home ) Server ) (workstation) ) software\" el administrador de ManageEngine puede controlar cual software está instalado en la estación de trabajo. Esta tabla muestra todos los nombres de los programas instalados en la columna Software. En este campo, un atacante remoto puede inyectar código malicioso para ejecutarlo cuando el administrador de ManageEngine visualice esta página.", }, ], id: "CVE-2019-15083", lastModified: "2024-11-21T04:28:01.047", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-14T14:15:11.600", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.exploit-db.com/exploits/48473", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.exploit-db.com/exploits/48473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:27
Severity ?
Summary
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/17 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/17 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "1A1FD0ED-99AD-4B1D-8111-A01A98C2A374", versionEndExcluding: "10509", versionStartIncluding: "10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality", }, { lang: "es", value: "** EN DISPUTA ** AjaxDomainServlet en Zoho ManageEngine ServiceDesk Plus versión 10 permite la enumeración de usuarios. NOTA: la posición del proveedor es que esta es la funcionalidad prevista.", }, ], id: "CVE-2019-15045", lastModified: "2024-11-21T04:27:56.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-21T19:15:13.840", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2019/Aug/17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-10 12:15
Modified
2024-11-21 05:45
Severity ?
Summary
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-22 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-22 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "DF230228-9493-4B59-865E-D6DD0BD88ABE", versionEndExcluding: "11.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*", matchCriteriaId: "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*", matchCriteriaId: "22068496-B157-406D-A78F-2C649005383A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*", matchCriteriaId: "463B586A-C9C7-4516-B3CF-FB9688D4951E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*", matchCriteriaId: "4C7D5AD4-F48A-4BFC-9BAB-DE046E6FD240", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*", matchCriteriaId: "E668E9E6-D20F-43BE-BEDE-A2B785359A2A", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.", }, { lang: "es", value: "La lista incompleta de entradas no permitidas en ManageEngine ServiceDesk Plus versiones anteriores a 11205 permite a un atacante remoto y autenticado ejecutar comandos arbitrarios con privilegios SYSTEM", }, ], id: "CVE-2021-20081", lastModified: "2024-11-21T05:45:53.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "COMPLETE", baseScore: 9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-10T12:15:07.910", references: [ { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-22", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2021-22", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-23 15:15
Modified
2024-11-21 05:36
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "1055C366-37DF-4269-AC26-9185B17F2C81", versionEndIncluding: "11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 permite un ataque de cross-site scripting (XSS). Este problema se solucionó en la versión 11.0 Build 11010, SD-83959.", }, ], id: "CVE-2020-6843", lastModified: "2024-11-21T05:36:16.663", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-23T15:15:14.207", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Jan/32", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/34", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2020/Jan/32", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2020/Jan/34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2025-03-27 15:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*", matchCriteriaId: "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "23A6549A-A30E-4693-9BAB-2685DB8C40BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", matchCriteriaId: "71CED256-A0EF-4933-AE18-421E37D5DB16", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", matchCriteriaId: "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", matchCriteriaId: "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*", matchCriteriaId: "547B3D0E-A042-46D1-9836-0B16843FE97D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*", matchCriteriaId: "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*", matchCriteriaId: "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.", }, ], id: "CVE-2023-23074", lastModified: "2025-03-27T15:15:43.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-02-01T20:15:11.493", references: [ { source: "cve@mitre.org", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator", }, { source: "cve@mitre.org", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Vendor Advisory", ], url: "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-11 14:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*", matchCriteriaId: "FA1D85B3-8327-4032-96A1-CF3EAF477160", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.", }, { lang: "es", value: "Se ha descubierto un problema en Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Los usuarios no autenticados pueden validar cuentas de usuario de dominio mediante el envío de una petición que contiene el nombre de usuario de un endpoint de la API. El endpoint devolverá el dominio de inicio de sesión del usuario si las cuentas existen o \"null\" en caso contrario.", }, ], id: "CVE-2018-7248", lastModified: "2024-11-21T04:11:52.570", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-11T14:29:00.267", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104287", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gitlab.com/e-sterling/cve-2018-7248", }, { source: "cve@mitre.org", url: "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104287", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gitlab.com/e-sterling/cve-2018-7248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-11 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 10.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*", matchCriteriaId: "F10A782D-24BB-477D-B828-38FF8C008E85", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.", }, { lang: "es", value: "Se detectó un problema en el componente Purchase de ManageEngine ServiceDesk Plus de Zoho. Se presenta un problema de tipo XSS por medio del campo de búsqueda SearchN.do, una vulnerabilidad diferente a CVE-2019-12189.", }, ], id: "CVE-2019-12539", lastModified: "2024-11-21T04:23:03.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-11T14:15:11.333", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12541 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12541 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.", }, { lang: "es", value: "Se descubrió un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a través del parámetro SolutionSearch.do searchText.", }, ], id: "CVE-2019-12541", lastModified: "2024-11-21T04:23:04.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-05T15:29:01.467", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12541", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-15 21:15
Modified
2025-02-13 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "725AEAF1-8E3C-4D33-B65D-C8304506A131", versionEndExcluding: "5.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_appcreator:*:*:*:*:*:*:*:*", matchCriteriaId: "8A753D74-F09F-4C42-A7C2-4D3A280FCACC", versionEndExcluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2AEDFE0E-9C9A-4DF6-9918-B5BD4DC67624", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "21C65599-8166-4066-BF0F-5C3CC55F544A", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "C6CB1749-097D-4F9F-94DB-F35E72A42034", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*", matchCriteriaId: "06579974-7085-42B3-9F9F-A733A1CA37D9", versionEndExcluding: "11.2.2322.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_central_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "F551AC16-6CBA-4460-A05D-D083967BDF07", versionEndExcluding: "11.2.2322.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "DFE96B83-9684-4955-81C5-AD5B5BC817DF", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0FC58FEB-B8E4-4B1C-AE55-F4577D7BF505", versionEndExcluding: "10.1.2204.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:10.1.2207.4:*:*:*:*:*:*:*", matchCriteriaId: "A5B65D12-7DAE-4815-993C-7C5903E990DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*", matchCriteriaId: "7C070B9E-FE09-4CFE-B489-DC9CED210CF1", versionEndExcluding: "1.2.2331.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "6B9C6675-2DDB-4FD6-8FA6-B3EE56F87F69", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "FA4B79F8-4D04-4EA4-8754-355DB6CA71B8", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management:*:*:*:*:*:*:*:*", matchCriteriaId: "DAA39630-6CE1-46E3-AF49-67DB09308C5D", versionEndExcluding: "10.2.11", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A4D89B41-A239-4329-9BEA-6D52EE8644D8", versionEndExcluding: "11.2.2328.01", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2CD7707C-0FE5-475D-8FB2-CDB19363421A", versionEndExcluding: "6.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6300:*:*:*:*:*:*", matchCriteriaId: "F0C93DB0-3029-4D49-B180-6EFAEC4B712B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6301:*:*:*:*:*:*", matchCriteriaId: "F69BFD56-BA90-426C-9EF1-4BD925657BDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6302:*:*:*:*:*:*", matchCriteriaId: "1171C259-086C-42CA-BE56-5B410677F72C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6303:*:*:*:*:*:*", matchCriteriaId: "827B0C20-903F-48A5-8918-81F39202C21F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*", matchCriteriaId: "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "72C14C6D-5C72-4A39-A8FF-93CD89C831C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*", matchCriteriaId: "D47DA377-0AF4-453E-9605-A5F87FA14E61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*", matchCriteriaId: "BC919233-CE66-416C-8649-B94A23F131F5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E802FD77-E67A-438C-82CE-9FC7536FB14E", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*", matchCriteriaId: "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*", matchCriteriaId: "237AA2F5-B9A3-4C40-92AC-61FE47A017BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*", matchCriteriaId: "4C23A64C-65CB-447B-9B5F-4BB22F68FC79", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*", matchCriteriaId: "3489D84B-5960-4FA7-A2DD-88AE35C34CE6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*", matchCriteriaId: "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*", matchCriteriaId: "076FDAE7-9DB2-4A04-B09E-E53858D208C7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*", matchCriteriaId: "07C08B57-FA76-4E24-BC10-B837597BC7E0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*", matchCriteriaId: "0D734ACB-33E8-4315-8A79-2B97CE1D0509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*", matchCriteriaId: "9314CA98-7A69-4D2B-9928-40F55888C9FF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*", matchCriteriaId: "BCE7999C-D6AE-4406-A563-A520A171381D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*", matchCriteriaId: "D5716895-4553-4613-B774-0964D3E88AA0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F", versionEndExcluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*", matchCriteriaId: "BFD452AD-7053-4C13-97DA-326C3DC6E26C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*", matchCriteriaId: "0B87956F-9C45-4A65-BEB2-77A247BD7A39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*", matchCriteriaId: "17BE6347-1605-47DB-8CFE-B587E3AB4223", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*", matchCriteriaId: "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*", matchCriteriaId: "E6A7C5C6-0137-4279-A7EA-3439BE477A3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*", matchCriteriaId: "C921F1B2-69B4-448F-AC7C-2F4474507FAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*", matchCriteriaId: "91DB9017-1BCF-48DB-97AE-4214150BAE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*", matchCriteriaId: "D066B999-8554-49F0-92C3-1A4DDEA6E32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*", matchCriteriaId: "635F80E1-4A73-48DC-A128-D61716D70839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*", matchCriteriaId: "E74FE1C4-471A-4040-96A4-0BE46745199B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*", matchCriteriaId: "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*", matchCriteriaId: "99C928C2-4711-4765-BDF2-E7FB448F5771", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*", matchCriteriaId: "EDF77387-21C7-45CA-B843-EBA956EE2BB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*", matchCriteriaId: "5C2C0067-538B-4102-8B4E-603BD4CE8F86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*", matchCriteriaId: "DAF47C10-AAE9-40CF-A033-44D54A81E69F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*", matchCriteriaId: "36D0331C-58EA-4B68-88C4-7A193BE5C62E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*", matchCriteriaId: "3CA59781-E48C-487E-B3AF-96560F3152EB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*", matchCriteriaId: "E4812B9E-15CA-4700-9115-EAE0A97F0E3C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*", matchCriteriaId: "CE513A2B-0371-4D3C-A502-CDA3DB474F3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*", matchCriteriaId: "5E498ACE-8332-4824-9AFE-73975D0AC9EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*", matchCriteriaId: "F070B928-CF57-4502-BE26-AD3F13A6ED4B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*", matchCriteriaId: "635D24F2-9C60-4E1A-BD5F-E5312FA953A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*", matchCriteriaId: "5E983854-36F8-407F-95C8-E386E0F82366", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*", matchCriteriaId: "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*", matchCriteriaId: "7820751F-E181-4BB7-8DAF-BF21129B24D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*", matchCriteriaId: "14ADB666-EEB9-4C6D-93F4-5A45EBA55705", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*", matchCriteriaId: "93C4B398-8F9A-44AC-8E43-C4C471DE9565", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*", matchCriteriaId: "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*", matchCriteriaId: "C7EF76FE-3FD9-4548-A372-22E280484ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4162:*:*:*:*:*:*", matchCriteriaId: "0F95BCBE-399F-4CCC-A17B-C0C3A03A99AB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB", versionEndExcluding: "6.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*", matchCriteriaId: "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*", matchCriteriaId: "C12C9470-3D3B-426E-93F9-79D8B9B25F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*", matchCriteriaId: "227F1242-E0A9-45C5-9198-FD8D01F68ABF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6111:*:*:*:*:*:*", matchCriteriaId: "2FE57085-2085-4F62-9900-7B8DFC558418", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6120:*:*:*:*:*:*", matchCriteriaId: "CAB7FA92-DC12-4E8A-91CC-3C98ED74E47B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6121:*:*:*:*:*:*", matchCriteriaId: "D04530C2-E4D0-4717-95DB-B7C224348502", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6125:*:*:*:*:*:*", matchCriteriaId: "9BBD018F-C1FD-4A0F-A145-253D86185F6E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", matchCriteriaId: "E913F3D6-9F94-4130-94FF-37F4D81BAEF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", matchCriteriaId: "34D23B58-2BB8-40EE-952C-1595988335CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", matchCriteriaId: "322920C4-4487-4E44-9C40-2959F478A4FA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", matchCriteriaId: "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", matchCriteriaId: "014DB85C-DB28-4EBB-971A-6F8F964CE6FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", matchCriteriaId: "5E9B0013-ABF8-4616-BC92-15DF9F5CB359", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", matchCriteriaId: "5B744F32-FD43-47B8-875C-6777177677CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", matchCriteriaId: "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*", matchCriteriaId: "D3012C17-87F5-4FFD-B67B-BEFF2A390613", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*", matchCriteriaId: "1E33D368-2D81-4C7E-9405-7C0A86E97217", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*", matchCriteriaId: "7AA9384F-6401-4495-B558-23E5A7A7528C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*", matchCriteriaId: "E492F955-0734-4AE4-A59F-572ADF0CFE75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*", matchCriteriaId: "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "A9BB59DF-8786-4DC0-9254-F88417CA7077", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*", matchCriteriaId: "6BA1E99E-789C-4FDD-AA89-4C5391B95320", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*", matchCriteriaId: "7EA6EC34-6702-4D1A-8C63-5026416E01A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*", matchCriteriaId: "0720F912-A070-43E9-BD23-4FAD00026DCF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*", matchCriteriaId: "161C81D2-7281-4F89-9944-1B468B06C264", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*", matchCriteriaId: "718EEA01-B792-4B7E-946F-863F846E8132", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*", matchCriteriaId: "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*", matchCriteriaId: "47BBC46A-16C7-4E9B-A49A-8101F3039D0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*", matchCriteriaId: "D989FB08-624D-406B-8F53-A387900940F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*", matchCriteriaId: "8ADB6CFE-1915-488C-93FE-96E8DF3655F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*", matchCriteriaId: "EDCCB442-D0E4-47C7-A558-36657A70B3CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*", matchCriteriaId: "8794F807-1D50-44D4-8969-FD68EFF2F643", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*", matchCriteriaId: "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*", matchCriteriaId: "6976DCDA-E27A-4367-8EFE-74DC6F63018F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*", matchCriteriaId: "101908A5-CAEF-44F8-A6C8-FE01CA9FA836", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*", matchCriteriaId: "F957BE56-474A-4593-8710-F86DB13C7407", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*", matchCriteriaId: "B8479442-1A4A-4F27-9778-664C7693C815", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*", matchCriteriaId: "EEF00ADC-105F-4B7E-857B-17565D67C7D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*", matchCriteriaId: "CA292949-6E99-49A5-94F7-23448494F5C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*", matchCriteriaId: "863CBE20-60A5-4A08-BF16-4E40E88B9AB1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*", matchCriteriaId: "28A105B4-7BF0-4054-AAE7-8453E13E2B63", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*", matchCriteriaId: "94C78301-44B7-45B2-836E-15E45FAC8625", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*", matchCriteriaId: "F408067C-13C1-40BE-8488-9EB7FF0EDF9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*", matchCriteriaId: "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4531:*:*:*:*:*:*", matchCriteriaId: "DC06E46F-441E-445B-A780-702B170901DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4532:*:*:*:*:*:*", matchCriteriaId: "A8A98287-DB5D-44A3-B835-54BACFC12944", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4533:*:*:*:*:*:*", matchCriteriaId: "53F32DE7-F211-4BEF-99C1-CE38EFDBCCC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4535:*:*:*:*:*:*", matchCriteriaId: "91C3EE55-B71B-432C-A68E-BB126A715375", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4536:*:*:*:*:*:*", matchCriteriaId: "FD48F21A-2D38-4EB8-B190-58CF176C1EEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4537:*:*:*:*:*:*", matchCriteriaId: "76346162-0BF0-4B21-82D2-2548A989396A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4538:*:*:*:*:*:*", matchCriteriaId: "5313C4EF-A960-4BCA-AA97-EDC88402A175", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "E4282B6D-6C85-4F13-B789-E641FB5986FE", versionEndExcluding: "4.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*", matchCriteriaId: "A160274C-F07A-43D9-A4DB-8773F004B9B0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*", matchCriteriaId: "341DF953-3DC7-476E-A79D-8CBD011C52A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*", matchCriteriaId: "AB6582AC-03DB-4905-BD03-EEDC314EB289", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*", matchCriteriaId: "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*", matchCriteriaId: "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*", matchCriteriaId: "1592B321-1D60-418D-9CD8-61AEA57D8D90", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*", matchCriteriaId: "E582FA9F-A043-4193-961D-A49159F1C921", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*", matchCriteriaId: "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*", matchCriteriaId: "28EAB920-2F01-483E-9492-97DBFBD7535F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*", matchCriteriaId: "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*", matchCriteriaId: "37976BE2-4233-46F7-B6BB-EFA778442AFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*", matchCriteriaId: "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*", matchCriteriaId: "C069FF04-4061-4560-BA55-1784312047A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*", matchCriteriaId: "0D428FA6-08BA-4F7E-B1C7-4AFD17919899", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*", matchCriteriaId: "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*", matchCriteriaId: "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*", matchCriteriaId: "EF9477F5-C6FD-4589-917B-FD206371DB33", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*", matchCriteriaId: "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*", matchCriteriaId: "8CB27467-3157-466A-B01C-461348BD95C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*", matchCriteriaId: "2D575B4D-D58A-4B92-9723-4AB54E29924A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*", matchCriteriaId: "E76BB070-9BC9-4712-B021-156871C3B06A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*", matchCriteriaId: "52D35850-9BE1-479A-B0AF-339E42BCA708", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*", matchCriteriaId: "681A77B6-7E22-4132-803B-A0AD117CE7C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4531:*:*:*:*:*:*", matchCriteriaId: "EF72A1BF-EE5D-4F43-B463-7E51285D4D5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4532:*:*:*:*:*:*", matchCriteriaId: "2FDD429A-E938-483A-BCCF-50A2AD4096CB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4533:*:*:*:*:*:*", matchCriteriaId: "162D604A-7F0E-44CF-9E48-D8B54F8F3509", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4535:*:*:*:*:*:*", matchCriteriaId: "AD38FA0F-B94F-4731-A652-07702EE0B808", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4536:*:*:*:*:*:*", matchCriteriaId: "F2C3767E-A56B-4580-AF8C-9BF5852EE414", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4537:*:*:*:*:*:*", matchCriteriaId: "5434E8CB-8DD0-4245-AF61-CF3A69BD0C3B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4538:*:*:*:*:*:*", matchCriteriaId: "C2403DA1-FBF8-495E-B996-4060F6BE6EE9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "30C9A012-AD39-45B2-BA3F-8D7180FC5390", versionEndExcluding: "4.4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*", matchCriteriaId: "7C5E7CE6-F85E-49B2-9078-F661AA3723C4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*", matchCriteriaId: "1194B4C2-FBF2-4015-B666-235897971DD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*", matchCriteriaId: "4F5F0CA5-CEC3-4342-A7D1-3616C482B965", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*", matchCriteriaId: "B7B8A2F3-5F46-40B2-A4E7-118341443C53", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*", matchCriteriaId: "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "658DC76D-E0FE-40FA-B966-6DA6ED531FCD", versionEndExcluding: "6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*", matchCriteriaId: "948993BE-7B9E-4CCB-A97F-28B46DFE52A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*", matchCriteriaId: "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*", matchCriteriaId: "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*", matchCriteriaId: "4C8B3F77-7886-4F80-B75A-59063C762307", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*", matchCriteriaId: "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*", matchCriteriaId: "A708628C-31E8-4A52-AEF7-297E2DDFA0C8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*", matchCriteriaId: "A8A01385-A493-42C0-ABBE-6A30C8594F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*", matchCriteriaId: "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*", matchCriteriaId: "B6865936-A773-4353-8891-8269508B2180", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*", matchCriteriaId: "9CAD778E-8FDB-4CE2-A593-75EEA75F6361", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*", matchCriteriaId: "52A9BA64-A248-4490-BDA7-671D64C0B3CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*", matchCriteriaId: "DFF0A7E8-888B-4CBE-B799-16557244DDF3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*", matchCriteriaId: "8B480202-7632-4CFA-A485-DDFF1D1DB757", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*", matchCriteriaId: "AB9B0721-49FD-49E7-97E4-E4E3EBF64856", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*", matchCriteriaId: "874F5DDD-EA8D-4C1E-824A-321C52959649", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*", matchCriteriaId: "8CAA4713-DA95-46AC-AFA5-9D22F8819B06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*", matchCriteriaId: "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*", matchCriteriaId: "832AAAAF-5C34-4DDF-96A4-080002F9BC6A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*", matchCriteriaId: "29ED63C4-FB06-41AC-ABCD-63B3233658A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*", matchCriteriaId: "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*", matchCriteriaId: "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*", matchCriteriaId: "51400F37-6310-44A3-A683-068DF64D20F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*", matchCriteriaId: "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*", matchCriteriaId: "78CB8751-856A-41AC-904A-70FA1E15A946", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*", matchCriteriaId: "72B7E27E-1443-46DC-8389-FBD337E612F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*", matchCriteriaId: "F9BB1077-C1F5-4368-9930-8E7424E7EB98", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*", matchCriteriaId: "EE307CE4-574D-4FF7-BED6-5BBECF886578", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*", matchCriteriaId: "49E40C74-7077-4366-82A7-52B454725B3A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6070:*:*:*:*:*:*", matchCriteriaId: "038D7936-C837-4E49-89BC-D11DF2C875D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6071:*:*:*:*:*:*", matchCriteriaId: "D1DC87E8-3053-4823-BFDB-46BAF3FCEFF8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6072:*:*:*:*:*:*", matchCriteriaId: "E384B5D8-CF9A-4C6D-AB4A-5B1A66768ADB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:*:*:*:*:*:*:*:*", matchCriteriaId: "DC606E6A-3523-41D5-94C9-A62E8630A687", versionEndExcluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*", matchCriteriaId: "7001A0A7-159C-48A3-9800-DAFBA31D05BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*", matchCriteriaId: "583B46D4-529F-404F-9CF3-4D7526889682", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*", matchCriteriaId: "0D89C2A2-CE20-4954-8821-C73F9E3EC767", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*", matchCriteriaId: "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*", matchCriteriaId: "233874F0-A19F-447C-ACE2-5DD06829C920", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*", matchCriteriaId: "C4447E47-C6DB-440D-AF35-8130687E9BB2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*", matchCriteriaId: "405ECB05-7E35-4927-A19A-92A4B7FE8B1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*", matchCriteriaId: "9F1EC2A5-7498-40F9-91A4-B004AEA1136C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*", matchCriteriaId: "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*", matchCriteriaId: "DD3B14B6-8329-43C4-AE42-13279E77275E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*", matchCriteriaId: "7792B448-4D34-42F8-919C-344783D625E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*", matchCriteriaId: "E297C040-0523-4A50-97AB-349880D5B3A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*", matchCriteriaId: "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*", matchCriteriaId: "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*", matchCriteriaId: "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*", matchCriteriaId: "6E0C9493-EB87-4197-AF8B-BCA25488BCDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*", matchCriteriaId: "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*", matchCriteriaId: "FBD7855F-4B66-4F43-960C-73E69C52E865", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*", matchCriteriaId: "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*", matchCriteriaId: "36A68C2E-978A-4F82-AC61-E9E7CA9908A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4046:*:*:*:*:*:*", matchCriteriaId: "6C8D7EA7-7CC3-48B0-B966-71A69FDE6A7E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4047:*:*:*:*:*:*", matchCriteriaId: "05D804B6-5990-42A7-A072-8F904A5262E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4048:*:*:*:*:*:*", matchCriteriaId: "0C720653-317E-4B1C-AFA8-90FAE97430C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90001:*:*:*:*:*:*", matchCriteriaId: "A9C350FA-E483-4C06-A784-5679ED0471BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90063:*:*:*:*:*:*", matchCriteriaId: "15A47AA7-8B49-41EC-AB57-5706989DF756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90064:*:*:*:*:*:*", matchCriteriaId: "D1CCB7C8-86B9-4DA8-93D0-F96B81C82F32", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90065:*:*:*:*:*:*", matchCriteriaId: "397140D3-2424-42D9-9900-625EC4E95D22", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90066:*:*:*:*:*:*", matchCriteriaId: "BA8C9A27-572E-407F-826A-1206394044D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90067:*:*:*:*:*:*", matchCriteriaId: "7601CC24-FC2D-4805-A975-2D307DECDF2D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90068:*:*:*:*:*:*", matchCriteriaId: "A513B136-7DC5-48DD-BDCB-1620A14849B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90069:*:*:*:*:*:*", matchCriteriaId: "0858CFDE-7D76-4A63-BE21-A73310AD17BD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90070:*:*:*:*:*:*", matchCriteriaId: "1BD8F9F8-89EB-422E-A4B1-E715AFD72341", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90071:*:*:*:*:*:*", matchCriteriaId: "E0271D12-94E8-4345-9666-4A47A5AAB824", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90072:*:*:*:*:*:*", matchCriteriaId: "513337E6-D805-461B-812F-D6EEA0921883", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90073:*:*:*:*:*:*", matchCriteriaId: "8EB5C610-33AC-486C-AF48-4A889D429420", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90074:*:*:*:*:*:*", matchCriteriaId: "81FC1ED5-99FF-4C30-BCE0-5CDC7A5E4C03", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90075:*:*:*:*:*:*", matchCriteriaId: "EA473C80-4100-4170-9601-8C9EEB5F64CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90076:*:*:*:*:*:*", matchCriteriaId: "5D2C41A7-1602-43CD-9E6D-A0178931C020", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90077:*:*:*:*:*:*", matchCriteriaId: "238E3508-0230-441E-8114-6EEB79E22632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90078:*:*:*:*:*:*", matchCriteriaId: "2C85C7DB-BC46-4D0A-8353-C2DB51BFFD85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90079:*:*:*:*:*:*", matchCriteriaId: "0BAAFCD6-5945-46BE-9380-5C2F79060B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90080:*:*:*:*:*:*", matchCriteriaId: "B6E108C0-075A-493D-B8AE-343D81BEC9C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90081:*:*:*:*:*:*", matchCriteriaId: "CA614153-4E29-45AB-BBC2-9BA0CDAD4B8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90082:*:*:*:*:*:*", matchCriteriaId: "F95B1920-005C-494C-A9A9-C72502E45723", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90083:*:*:*:*:*:*", matchCriteriaId: "DA3C51B7-B8A0-42F4-ADC9-C949B610EE2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90084:*:*:*:*:*:*", matchCriteriaId: "180D4816-E5D0-406B-B289-4B1984250B50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90085:*:*:*:*:*:*", matchCriteriaId: "57883D51-1188-4C14-B2EF-26FD4B156526", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90086:*:*:*:*:*:*", matchCriteriaId: "D5A59B7E-74CF-425F-B814-313D5F1F7670", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90087:*:*:*:*:*:*", matchCriteriaId: "327F6B11-9176-4791-96D0-FAD8EBE9D5E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90088:*:*:*:*:*:*", matchCriteriaId: "5E057023-0175-4DB5-98A4-942FB81AF59A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90089:*:*:*:*:*:*", matchCriteriaId: "28E12A60-CEB6-46BD-A4E8-48651A651E5D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90090:*:*:*:*:*:*", matchCriteriaId: "25FA111C-01EA-49CA-BF67-A8C8C9A6E415", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90091:*:*:*:*:*:*", matchCriteriaId: "855DD295-DB63-4AF1-8C5A-0904BF049658", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90092:*:*:*:*:*:*", matchCriteriaId: "CDFE095C-C659-44BE-9740-C8B712165912", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90093:*:*:*:*:*:*", matchCriteriaId: "FFB28D66-83BF-4685-9015-0B30021C59C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90094:*:*:*:*:*:*", matchCriteriaId: "9B82AA92-96B6-4841-BAC0-AA1487CBEB7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90095:*:*:*:*:*:*", matchCriteriaId: "81A65567-42E6-416B-8FB0-2571FDF60207", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90096:*:*:*:*:*:*", matchCriteriaId: "2193F4C6-5679-487B-82B8-C55A874ED5A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90097:*:*:*:*:*:*", matchCriteriaId: "124CB5EC-44C1-4136-B495-053F2299E59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90098:*:*:*:*:*:*", matchCriteriaId: "A183735E-12AF-4692-A228-FE3B1169ABBC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90099:*:*:*:*:*:*", matchCriteriaId: "3C1C57BB-73A7-4B48-B99C-A18E1CE55553", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90100:*:*:*:*:*:*", matchCriteriaId: "020F4E45-45D2-4F1A-BAF8-8C61F45F5770", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90101:*:*:*:*:*:*", matchCriteriaId: "039F68D9-A36A-44BE-A457-790ECCB20FD5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90102:*:*:*:*:*:*", matchCriteriaId: "23BDB028-FCCE-4A9D-887B-6A6F8166CFCB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90103:*:*:*:*:*:*", matchCriteriaId: "5210BAA8-2ECC-49AA-8408-815433DC28D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90104:*:*:*:*:*:*", matchCriteriaId: "C8DC19CC-3F95-4753-8037-FB627D1D6167", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90105:*:*:*:*:*:*", matchCriteriaId: "93F07AFE-4E9A-4001-A17A-606A7B5E83F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90106:*:*:*:*:*:*", matchCriteriaId: "06B25C38-DE86-4F3E-918E-BC70FCC0054B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90107:*:*:*:*:*:*", matchCriteriaId: "E3F2E0E6-01D2-418D-872E-B117259E990F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90108:*:*:*:*:*:*", matchCriteriaId: "41D80E46-35FE-45E5-96D6-28691C0847DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90109:*:*:*:*:*:*", matchCriteriaId: "4D7768DA-1111-4557-A0D6-D3A74AC7FA54", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90110:*:*:*:*:*:*", matchCriteriaId: "B3001463-3729-4216-B420-602A11C74244", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90111:*:*:*:*:*:*", matchCriteriaId: "9A68EC19-3A57-41C4-90FA-CB1BF20EB8DA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90112:*:*:*:*:*:*", matchCriteriaId: "193913B2-25D1-4779-B7E6-ACC5992AFC97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90113:*:*:*:*:*:*", matchCriteriaId: "E7AA77AA-E00E-4125-A698-12B30434F632", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90114:*:*:*:*:*:*", matchCriteriaId: "229FBCFC-2810-44D1-9687-A7C060F6F9D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90115:*:*:*:*:*:*", matchCriteriaId: "99C3BBC2-F1D3-4873-A8FB-1B79A2163F74", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90116:*:*:*:*:*:*", matchCriteriaId: "4A06EF86-915C-4D09-965B-3A9D4DFC96B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90117:*:*:*:*:*:*", matchCriteriaId: "3D67F80D-E999-4E46-8386-8122DC17DBCC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90118:*:*:*:*:*:*", matchCriteriaId: "2593B38A-1281-41C9-B065-E6EFDF6BD71C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90119:*:*:*:*:*:*", matchCriteriaId: "B61541E8-5818-475B-9E54-C45C71C14A9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90120:*:*:*:*:*:*", matchCriteriaId: "84DE1BA0-8C36-44DF-91A0-96EA6EF736D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90121:*:*:*:*:*:*", matchCriteriaId: "BB2F2DEA-5E03-442E-A46B-B6C218BF3273", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90122:*:*:*:*:*:*", matchCriteriaId: "CCEFA415-47D7-4DA2-B541-DD0B67AF30A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90123:*:*:*:*:*:*", matchCriteriaId: "B147B06A-969E-4541-A863-DF4045D39527", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:*:*:*:*:*:*:*:*", matchCriteriaId: "B20C46B3-C23E-42AF-BA81-117B8541171B", versionEndExcluding: "9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90012:*:*:*:*:*:*", matchCriteriaId: "A897E8C8-6058-4BEC-BF00-3E8614238E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90013:*:*:*:*:*:*", matchCriteriaId: "8B39A3B3-5B9E-4B31-9CE2-3625EA9C9AD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90014:*:*:*:*:*:*", matchCriteriaId: "FBF5AF44-E30B-4948-B0E2-42EE062DC3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90015:*:*:*:*:*:*", matchCriteriaId: "356F078A-9887-423A-8BA7-74201DE109F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90016:*:*:*:*:*:*", matchCriteriaId: "9B8887A3-14C6-4DFB-9EBF-35966B4E6158", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90017:*:*:*:*:*:*", matchCriteriaId: "3A0FE6B3-E037-45F4-A907-51CD99E7B8DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90018:*:*:*:*:*:*", matchCriteriaId: "250CFA85-89C5-4F75-AF0F-BEA9C816E54E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90019:*:*:*:*:*:*", matchCriteriaId: "85B8B8F4-951D-446C-A8F8-EEBDC385D83E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90020:*:*:*:*:*:*", matchCriteriaId: "288C8246-7367-4D10-A0D4-5426B7EA17A7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90021:*:*:*:*:*:*", matchCriteriaId: "59326535-A08E-4588-BAB8-9DF094FB61F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90022:*:*:*:*:*:*", matchCriteriaId: "077B9DBD-190C-4F20-BD3A-64D6887B7930", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90030:*:*:*:*:*:*", matchCriteriaId: "0587320F-C57E-41F7-B31F-1EA52ED234B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90031:*:*:*:*:*:*", matchCriteriaId: "0911BEEC-A6E4-440C-8217-A7FAAC1D3972", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90032:*:*:*:*:*:*", matchCriteriaId: "A9D9805F-4F6B-4A15-A444-3B6538BCDDB0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90033:*:*:*:*:*:*", matchCriteriaId: "48901205-BDE9-4CBA-9E3B-779D949CBF58", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90034:*:*:*:*:*:*", matchCriteriaId: "69539391-6C6A-498A-B952-D4F12C2FEC4D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90035:*:*:*:*:*:*", matchCriteriaId: "4A36B8AA-987B-4112-8B67-5BC306F9CF86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90036:*:*:*:*:*:*", matchCriteriaId: "96E9422A-CA9D-4BC8-90DB-3E3A1966E94C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90041:*:*:*:*:*:*", matchCriteriaId: "11A2E17D-3B33-4531-B78B-156BC2C7E53A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90042:*:*:*:*:*:*", matchCriteriaId: "4C34129B-5A15-4BE9-BB15-66101A5EAB65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90043:*:*:*:*:*:*", matchCriteriaId: "DA9A87D7-0707-4321-B5D2-2B4CBC66E838", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90044:*:*:*:*:*:*", matchCriteriaId: "C2C06D73-9BEA-4604-BE73-3CE8A2DDD52A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90056:*:*:*:*:*:*", matchCriteriaId: "DAA7B941-6FE6-45CA-931D-6414DFEA9B50", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90057:*:*:*:*:*:*", matchCriteriaId: "F7EEEF6C-DD29-4E6F-BED7-AE10184C2F9C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90058:*:*:*:*:*:*", matchCriteriaId: "D36AD9EC-82D0-451B-ADD4-1EEC0FDC389B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90072:*:*:*:*:*:*", matchCriteriaId: "F68164FC-9A09-4145-97B8-99EE5532E6E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90074:*:*:*:*:*:*", matchCriteriaId: "2FB5646D-11C7-4878-9471-4F6D483CE979", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90075:*:*:*:*:*:*", matchCriteriaId: "BBC0A0C3-C33E-46E9-A099-A5A66F576138", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90076:*:*:*:*:*:*", matchCriteriaId: "76584957-0388-4421-8336-75EE90D00349", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90077:*:*:*:*:*:*", matchCriteriaId: "05C542D5-7E3A-46E2-8CB6-A13159EFA4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90078:*:*:*:*:*:*", matchCriteriaId: "7E7BF415-29D3-4BD0-8613-317D7EC7C992", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90079:*:*:*:*:*:*", matchCriteriaId: "7F046602-4595-48C8-83F5-A43FD501003F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90080:*:*:*:*:*:*", matchCriteriaId: "FC5B464F-D327-4181-A911-2E3683B914B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90081:*:*:*:*:*:*", matchCriteriaId: "025D8F22-968F-44B6-83E1-13DAB7A514A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90082:*:*:*:*:*:*", matchCriteriaId: "F9F60549-59CE-47D0-BF2A-91B84A0B1984", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90083:*:*:*:*:*:*", matchCriteriaId: "6F982139-0EDC-411C-A074-A29963DCA328", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90084:*:*:*:*:*:*", matchCriteriaId: "FBED4ED7-E991-48D0-AE27-71F9DEA5EDA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90085:*:*:*:*:*:*", matchCriteriaId: "8C6BE721-D851-406E-9AAF-01F9A9E15ADF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90086:*:*:*:*:*:*", matchCriteriaId: "F1D6E935-53D3-462D-9DD8-91BFEC90BB2F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90087:*:*:*:*:*:*", matchCriteriaId: "E580F0AB-B840-4293-8639-4B7DD7981EAB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90088:*:*:*:*:*:*", matchCriteriaId: "2CC8FE34-A5C9-4EF7-AA05-BEE403AB3B73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90090:*:*:*:*:*:*", matchCriteriaId: "A80444F6-755F-4FE3-96B3-744A842D40AD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", matchCriteriaId: "0026FC79-6554-4B68-89EB-D7A8422C7406", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "94F878CC-E691-41E9-A90D-72EA25038963", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*", matchCriteriaId: "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*", matchCriteriaId: "8033E51C-D261-4A12-96CD-AE1F13BFD2AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*", matchCriteriaId: "9EE1E1E6-ED1C-443A-A576-AD47D65082B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*", matchCriteriaId: "3E283214-CE6A-4CD6-9E9B-7BF09C37447D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "8FF84A5E-C43B-4637-B725-1087D2057EED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*", matchCriteriaId: "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*", matchCriteriaId: "46E32091-F91D-4706-A4F9-DC658CF36A6D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*", matchCriteriaId: "AC7D1106-6708-4A84-A077-286376C72AB7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*", matchCriteriaId: "071B3368-D7C2-4EE1-808F-1F4A3C3A4756", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*", matchCriteriaId: "4E9D5882-91D6-4E9D-AD8B-F3861D987826", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*", matchCriteriaId: "17931D40-369C-430F-B5ED-FAF69FAA0E3F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*", matchCriteriaId: "02B4D022-BC43-4041-BA2B-60A6D42AD150", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*", matchCriteriaId: "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "5ED17849-BC14-4996-9DF9-7645B1E17374", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*", matchCriteriaId: "D91F6CC5-EDBE-420F-8871-03B8D10254B2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*", matchCriteriaId: "E82C682C-9F61-45B7-B934-8D6DDBA792AC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*", matchCriteriaId: "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "78BE6CCE-706E-436B-A6E6-26E7D044B209", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*", matchCriteriaId: "8BD54A67-C531-4642-90D4-C6E402D55AC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*", matchCriteriaId: "9DF164BD-EF39-42E2-807D-F298D68A8D3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*", matchCriteriaId: "5D85766D-1BAC-4477-96D6-EA989D392128", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*", matchCriteriaId: "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*", matchCriteriaId: "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*", matchCriteriaId: "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*", matchCriteriaId: "0FEFDFF7-5538-4C53-922A-A5E71A0D643E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*", matchCriteriaId: "02463016-7156-470F-8535-EF4C7E150546", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*", matchCriteriaId: "8DEB616C-2DDC-4138-B6FC-8B2680D35485", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*", matchCriteriaId: "D51E7B22-9293-4086-B143-2D279597A5CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*", matchCriteriaId: "BB4D8585-6109-45C0-94B4-667D11F0509F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*", matchCriteriaId: "97CB62BA-09FA-446D-A8CF-958980B67F13", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*", matchCriteriaId: "F871111C-4B61-4C50-ABDA-78D8D988DCD3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*", matchCriteriaId: "9950CFB9-FCDE-4696-97AF-251467270375", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*", matchCriteriaId: "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*", matchCriteriaId: "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*", matchCriteriaId: "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*", matchCriteriaId: "CC052CBA-2B37-4E84-978D-36185EE1A3A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*", matchCriteriaId: "0C1691B0-FA38-4A29-8D49-D99A675C122A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*", matchCriteriaId: "194ACE61-101D-40C3-9377-12039533AB45", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*", matchCriteriaId: "86428D44-03BC-4528-ADB5-3AC05231759D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "B694D0FC-320A-44F9-9FFB-0706CDD3004C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*", matchCriteriaId: "BE298317-10EE-4A34-B4D0-8D03B727A75B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*", matchCriteriaId: "B0A1B243-163D-461B-BEAB-81E6E2DB36EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*", matchCriteriaId: "5E86C3A0-700E-4CB2-AFDC-F203C61D413C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*", matchCriteriaId: "A550184D-13BD-4F2A-9DE5-AC66B496FFC2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*", matchCriteriaId: "538BCF38-69B6-4686-B1F1-82B10175CCBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*", matchCriteriaId: "F29A6AE3-B864-4552-9BE9-074CB6935B07", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "76528168-A54D-4398-B558-6DC27ACCBFBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*", matchCriteriaId: "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*", matchCriteriaId: "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*", matchCriteriaId: "FA70F031-A7EF-49F5-A1F6-C3DD33198D86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*", matchCriteriaId: "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*", matchCriteriaId: "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*", matchCriteriaId: "A2176672-0E34-4B46-9202-483F1D315836", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*", matchCriteriaId: "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "94AF723B-F1B7-44A8-B654-7C10881A6AF8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "0C65E8BE-968F-4AB8-BD3F-A123C66E576A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*", matchCriteriaId: "9A4C70B1-A902-4835-BFFC-692CA91C1317", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "06FE113C-94B6-419B-8AA0-767EA74D11ED", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*", matchCriteriaId: "C30413D5-7F5B-47EE-825E-CEEF69DAC5B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*", matchCriteriaId: "57DA6C66-3235-4923-89D0-EF093FF4126F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*", matchCriteriaId: "82307372-C2CF-4E19-9D1D-7D33FCCE8F5B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "A5289D80-1C75-4819-B615-8259B25B1E9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*", matchCriteriaId: "25CC8F8B-9072-41E3-8045-25D12EE22427", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*", matchCriteriaId: "6000E214-BF19-469C-A7CA-CC91465B2CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*", matchCriteriaId: "1AA9EA4B-DD82-46E7-9C44-77AC076F61CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*", matchCriteriaId: "50E697EA-0A78-477D-B726-AC54EE868244", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*", matchCriteriaId: "E64AAB62-43C4-4284-B2AA-1DC55B972803", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*", matchCriteriaId: "E3A43E19-D06D-4856-AA55-02B8148EAB49", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*", matchCriteriaId: "310C491E-92CE-4EE8-9CDE-70640DE9CAB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*", matchCriteriaId: "A82217B5-0A11-4BE6-ACEF-991B2DFE53D6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*", matchCriteriaId: "7C69DA1F-F0A3-4E9F-96E2-F7A4E9B876C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*", matchCriteriaId: "033944E6-8A01-4566-81C4-2B76F10C2839", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "3D969C61-1F9A-4B97-B6DA-04F84E3E2936", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*", matchCriteriaId: "9984754B-1FA5-4CDF-AFC3-BD97C6C6B177", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*", matchCriteriaId: "718427DB-57A7-4AB0-AA4C-7716E5A5F084", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*", matchCriteriaId: "CD43B869-6A7F-461D-A870-448C91FB7A02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*", matchCriteriaId: "98DD8376-4B21-4024-878D-DB74D1FF7A2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "5E8B8FBA-39ED-4E7A-AA1C-A6C15E8C92B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*", matchCriteriaId: "4742B198-8630-4A45-AE87-6731BF56081A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*", matchCriteriaId: "3782ABA4-5247-4349-8CD8-BCE85B98D44E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*", matchCriteriaId: "C39E5DB9-1B75-4204-9B24-70F6294F1F42", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*", matchCriteriaId: "F9459981-3E65-489C-9A70-B582EC9C8BC1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "BF90B539-9180-4A96-9E2F-F35DCA6DD720", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*", matchCriteriaId: "2A6D1150-602E-4006-9F6B-10C6649AC05B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*", matchCriteriaId: "FB168E3D-63AB-45D7-AAC1-2D01CD6956F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*", matchCriteriaId: "B8DCEAE6-AAE6-40B0-83B2-A579A6BF9854", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*", matchCriteriaId: "FCFEA624-968F-4A0F-969D-2190B1269EAC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*", matchCriteriaId: "64F9D21C-AC05-4629-864F-85AFA3789739", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*", matchCriteriaId: "07E47F97-63EC-4BF1-AE54-3B510B66202D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*", matchCriteriaId: "160765FF-9A56-4072-9580-C6DCB573B061", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "F1EE56C3-5F42-4D2C-AEC0-035078DAE445", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*", matchCriteriaId: "16593100-F288-4013-BF48-48CA482FC62D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*", matchCriteriaId: "5BCA02F3-EF72-4F28-9ABB-D75EB6CE3338", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*", matchCriteriaId: "D8052948-7F5B-4E63-B1B7-B244D6A0AC39", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*", matchCriteriaId: "B6359934-CA70-4A8A-99E5-806555900EF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*", matchCriteriaId: "83BAAE61-540D-4E36-8B63-2438EC3B1479", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*", matchCriteriaId: "008A2BF2-E18B-492F-9DFF-19618F998664", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*", matchCriteriaId: "5023E77A-908C-41AE-ADC7-580F44ADC376", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*", matchCriteriaId: "797D16E7-484D-4793-9040-74B815DC52B7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*", matchCriteriaId: "7D923373-B575-44C8-9B4D-DB824EC59B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*", matchCriteriaId: "B88917EC-3ABB-475E-B374-272CE5272D56", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*", matchCriteriaId: "BD457A1B-023A-42CF-ADED-648A061AAAE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*", matchCriteriaId: "9B9E22A4-676A-4D75-850F-15E5EC9A2911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*", matchCriteriaId: "4E6BA9C0-59DB-49E5-826E-1CA885FA28CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*", matchCriteriaId: "95715B71-FA63-40A2-9EA6-56250318FC73", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*", matchCriteriaId: "2591F23D-DB1F-44B0-B67A-13483408DE4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*", matchCriteriaId: "E4F035FB-54A9-47C0-8896-174A742E23B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*", matchCriteriaId: "34B52052-FBFC-4803-B999-448A9385B613", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*", matchCriteriaId: "A1F97594-BF89-4B5D-B1CE-706708891450", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "544961BA-03CA-49D6-AB7C-CFF597B3BB8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "9CDBD0CB-8495-44A1-BF9B-29A195D9F718", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "B652092E-570C-4D4E-A133-627426C50F6E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "DC13FB20-119C-47F9-870D-399811661896", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*", matchCriteriaId: "BC457292-04FE-4643-8F1D-05DAEF3F70BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*", matchCriteriaId: "29CBDA2B-5A6A-4DB0-AC37-EAD8E05B55BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "CD266A0D-E726-4BC7-B3B9-6E3176415188", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*", matchCriteriaId: "046B7B6F-85DE-4BDB-8860-ECA208C4D697", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "C60E51D9-A842-49FF-8793-84C074DBE5EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*", matchCriteriaId: "753B2FC9-342B-4456-85D9-27734BE7C6FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*", matchCriteriaId: "BE930B14-4B22-4299-8DE8-7625342FC4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "45B93007-AD6A-4978-9752-41DF72D34A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "863CBACB-F9A3-44AC-B795-C2C0EB5C9E3F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "AB28B644-BFD0-4588-B544-A139B26DDDE4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*", matchCriteriaId: "944F7C2F-53D4-4933-BD63-DF15C5A5CD65", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*", matchCriteriaId: "F6D0F0D1-7DF5-4C8D-9B31-B347E5A567DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "870A721F-2991-4041-AB1D-DE3D953B8669", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*", matchCriteriaId: "4F7FC0E5-8D0D-45CF-AEFA-180B79BC8B0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*", matchCriteriaId: "7D394493-D690-44F0-B3F0-FD39E46F31C0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "AF8CBF57-EF1A-4C84-879B-1A4035F4236A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*", matchCriteriaId: "2F1E924E-8896-41CE-82E2-F22943A02FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*", matchCriteriaId: "FB058840-E3D0-45FA-B95F-3445A7719118", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*", matchCriteriaId: "FD9B23C4-3458-4E6C-B1AB-D4A36BE8FFA2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*", matchCriteriaId: "D2A7AA89-7233-4624-894A-B2B996D1D270", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*", matchCriteriaId: "B6B402ED-8B64-4FB0-B9E7-76E499A4115F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*", matchCriteriaId: "4E8B01F2-0A03-48CF-8BAE-556A9C3D88FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*", matchCriteriaId: "3C07E022-B75C-4491-8A30-9A1532D0472C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*", matchCriteriaId: "00E92DB5-8D53-4129-92D0-AD1DA0F1FEB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*", matchCriteriaId: "913CD99C-8F47-47BD-BD7C-33762861BB08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*", matchCriteriaId: "67B7F52E-7D7A-4AA9-9241-FFCC3DD49BBB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*", matchCriteriaId: "D02650C3-1A7F-4889-B6CB-11994054B5F6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*", matchCriteriaId: "01FEA1CA-351B-4E2B-A78E-60338682F97F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*", matchCriteriaId: "04C9E097-FE04-42BD-96C8-2A3A9FD50B25", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*", matchCriteriaId: "94F895DB-C865-4AED-A1D9-CE69C0EF52FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "8B565B12-283F-4323-9C88-FD3CF5646DD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*", matchCriteriaId: "9FDC3394-293E-44CF-A83F-FE047A4E4DE0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "01846F8F-D7D6-4CD9-B83E-41B70C691761", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*", matchCriteriaId: "CAE013FC-357D-42DA-B223-D40B3C813089", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*", matchCriteriaId: "E4BA87E9-5E37-41EE-835C-13F68ABC9C06", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*", matchCriteriaId: "D2034E17-2DB9-4229-B7D4-D14761CEE699", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*", matchCriteriaId: "39FBAFB9-5703-4EEA-BFF3-45B958E0805F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", matchCriteriaId: "93A02A7E-02A8-4B74-AA9F-3DA0492748EF", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "24B04D73-0C55-49A8-B599-27C8C04948C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*", matchCriteriaId: "97E74846-1666-4773-910D-77E0E19A7FCD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*", matchCriteriaId: "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*", matchCriteriaId: "423C8618-9F3B-4B83-902C-FF01027EC54A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*", matchCriteriaId: "7E974B56-7A00-4582-AF8B-0D09B94477BF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*", matchCriteriaId: "7B6F8404-F624-41AA-BE8D-170D843EC290", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "D0FF81E5-2134-4F45-9B39-2E3D5208BB80", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*", matchCriteriaId: "0D5DA95F-7C0F-4D05-BD35-DED356D01692", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*", matchCriteriaId: "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*", matchCriteriaId: "89EE3E31-8F55-4E44-8522-A32D6887AE97", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*", matchCriteriaId: "979ED7B4-FAE3-4E98-A303-290E498FFD81", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*", matchCriteriaId: "EDC62E2F-AB97-4008-A52B-9CDC341A06BD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*", matchCriteriaId: "93DF7023-22AE-4A84-8734-06239013C10C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*", matchCriteriaId: "2A128BED-75FA-42F1-9171-CBAEAA2366A6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*", matchCriteriaId: "5298BB50-8E22-490A-87C7-7F40B7F8F7C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*", matchCriteriaId: "39C34F02-E413-4067-B958-86ADF89FA3AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*", matchCriteriaId: "A0673E69-A2DB-424C-BBF0-79D729230F1E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*", matchCriteriaId: "4F062A20-6FFE-479B-9E64-E4771490B041", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "C598244E-7483-4762-AC27-BD8036FEFE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*", matchCriteriaId: "B188A792-EF1A-4292-BD91-47635706C430", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*", matchCriteriaId: "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*", matchCriteriaId: "DF818138-079A-43BE-A8B5-5DA47FA443AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*", matchCriteriaId: "27066A8F-75C4-42BF-A54B-543114B92995", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*", matchCriteriaId: "A239C6F8-3FC0-4510-B33F-14B25908E68F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*", matchCriteriaId: "E8399E84-1344-4472-91F3-F63255911876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*", matchCriteriaId: "8888C77E-04A7-4C34-B497-504F6217E07B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*", matchCriteriaId: "7502D92A-3B51-4A76-88D6-E2D76A584075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*", matchCriteriaId: "DBA622D6-CD85-4F0F-8CC3-39FE29754039", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*", matchCriteriaId: "A0D2828B-B897-4F1D-B657-436DB3CAC2FD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*", matchCriteriaId: "98279B6E-8361-45CA-8912-F06972F4BD1B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*", matchCriteriaId: "A7D879C8-E89F-45C1-9609-80B737080AFE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*", matchCriteriaId: "3D8FD2DE-18D9-4F50-9256-672435059876", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*", matchCriteriaId: "F01FEA58-BE5B-4CEC-831D-3BF05A20688D", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*", matchCriteriaId: "039C6DE6-DEA2-42E9-AE55-322E8E6B048C", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "55EA00B6-DE5D-4DE4-85AC-38A1216B4923", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "BC4DF055-45CD-4B83-A7BA-59D6E46BD4D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125119:*:*:*:*:*:*", matchCriteriaId: "F9B51EF5-800F-446B-9F2D-47D45445E73E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "C4C2087D-1B7B-4DA4-8288-D5366BC9735F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "B8FE0307-3CA7-445E-BA42-27D65C298E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "F6F9CB58-3B55-4E6F-AE24-D16552EE3614", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125138:*:*:*:*:*:*", matchCriteriaId: "006DB16B-34C4-4359-96A1-381F7C66BF18", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "7EFE37CC-58F5-4B08-95C2-D9DAFC8D9C31", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125162:*:*:*:*:*:*", matchCriteriaId: "4F102286-1D21-48AB-A1B4-ADB5A4D3EEA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "7DDD3297-57ED-40D4-AC54-4484A3E9C633", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "8F467A89-13F7-47E9-8285-041DB3F33603", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "E8C93717-4E5A-4686-A83F-A7D4AC732144", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "5A15AF17-8500-4102-AF1C-897360BB985C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "D9B364E3-45C1-4C71-BB6D-9D831449CF4F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "4CCB49B2-4AA1-4223-98F0-1E0872566BC7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "5D0A19E8-F0B3-446D-B991-C63657BC2A61", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "1C7CD9C4-861D-42C0-9209-0843613F94B4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125363:*:*:*:*:*:*", matchCriteriaId: "AD44F42F-709B-4FBE-B9C7-9944A874D489", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "23C53DA5-F50F-4FA5-AF8B-4EA174BB4E57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125395:*:*:*:*:*:*", matchCriteriaId: "199EE3C2-2D58-4777-8592-D000D135E2A2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "0CE514D6-6C6A-4DAD-8DB2-FA1F12FFAFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125412:*:*:*:*:*:*", matchCriteriaId: "461FD5FC-2D14-44FC-88F0-783EDDD63483", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "65FD6158-1B99-4C17-A167-41D6B1CD62F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125449:*:*:*:*:*:*", matchCriteriaId: "188123C8-7E72-4690-A322-888BED90FB7A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "2BF85206-863D-493C-88F4-15B0BA5276A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "60EB56E2-7367-4488-A00D-41464E86B06D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "3E315636-0897-4421-882D-E8196F7ACAD1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "EE609902-17AF-491B-8749-C8AF4E0A8241", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "6EFF6295-3F73-448D-8109-453E0DFD2002", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "35A535BC-644B-4B10-8F66-779FAF503683", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "DDD4AA74-4B07-44A1-A32F-88B0B1E90ACA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "52203983-0CC9-49DB-B100-49CD9F5CE688", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "095362BF-69CD-458F-8A44-E3D6AFC8C41F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "65F6F508-F0BF-4821-8B50-24A9B652522E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125564:*:*:*:*:*:*", matchCriteriaId: "4044EE7F-268B-4CC7-9982-80766BE5790E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "6F87A77C-E40F-4DDE-9260-FCF12B237FA8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125581:*:*:*:*:*:*", matchCriteriaId: "51CF193E-D5A6-423A-A5E2-B0ACF4B002E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125596:*:*:*:*:*:*", matchCriteriaId: "7C10F5A0-6FFE-4907-8A61-61CF11FC7A69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "6B3F637D-3724-4314-BCC7-A6A06040DF00", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "18598449-D0EE-445F-BA6A-2CD658DAF4D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125657:*:*:*:*:*:*", matchCriteriaId: "6DC52F3E-EC5F-404B-ABD7-615B8AB522A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*", matchCriteriaId: "E3552F71-C708-41A4-9168-5673C086F507", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*", matchCriteriaId: "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*", matchCriteriaId: "162E0203-17E1-427E-A351-33F75E8FE5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*", matchCriteriaId: "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*", matchCriteriaId: "764139C9-FF6A-4BE0-BAF3-52F403C41393", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*", matchCriteriaId: "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "E9FF3515-61C7-4A7A-9781-6D4A0340B2EC", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "77AA96FD-5AF0-4F80-8402-BAB460FF8B75", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*", matchCriteriaId: "3095B4D1-170A-48B0-8C4A-7A7A54E42149", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "8CE4267C-DAAE-4CEC-A6E3-D2213AA5EE57", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*", matchCriteriaId: "92EB7DC6-F227-40B3-A093-4D9495BBE272", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "40C478D3-7C1C-4FCE-99FA-976EE2754680", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "DE6C88E4-D382-4729-AF5D-5697DCE26A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*", matchCriteriaId: "6447F4D8-0943-4C8C-BBA7-42BECC181D80", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "422B8CB6-3A14-4452-9192-F4CD5BF5D030", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*", matchCriteriaId: "41AB6C1A-CBEC-4DC1-94A4-9D14E82BA542", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*", matchCriteriaId: "6A2C060F-770B-4245-8490-5D2EB970FCA0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "16E635CC-1591-4535-89EA-B8470BD885F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*", matchCriteriaId: "D5F9E623-A42D-446D-ADDD-5F3C8F7BD9B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*", matchCriteriaId: "1E235AF0-4453-4439-A25D-FF78A89BB117", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*", matchCriteriaId: "620E40E9-9D83-4E14-8898-10C0718B1A1C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "1D72F651-BD8C-4564-AC1A-84A91F21EADA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*", matchCriteriaId: "19DD9FF2-583B-4079-9375-E1643FF9A54B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*", matchCriteriaId: "69EDC39C-68EE-488D-B740-9E45229BDF2E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "EC374820-208A-40EF-965C-50C19467BD82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "397B1FAC-EB6E-4F17-B5D7-CBD47D581DF5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*", matchCriteriaId: "E771BCA5-9E65-4C8B-BF36-E90F641D2015", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*", matchCriteriaId: "A658460A-FAE0-4487-8CD6-FB3384664F9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "6F104D17-7D08-42A5-BAF3-DEA475308FC6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "9F875BFA-18C2-42BF-8BC4-D02E15B395E6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "3BBD9D22-7E92-4648-972E-E17D9472E08D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "7219F9A0-CD1D-4BB4-A5E1-FA0495B49114", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*", matchCriteriaId: "0CBB0F67-9C81-44BC-9836-DE5FE40DDBBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "6D7C0250-52DA-423D-B061-0CDF39D15068", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "6FC34D3F-FED3-4266-AB29-98FFC2002507", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "DD1460AC-A719-4B75-B28B-748B6C262A87", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "B9024FE1-536C-4180-8115-6D97E7C324D1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*", matchCriteriaId: "8CD6EB21-3DC6-47A7-939A-AA3C8EFE278F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "3A5911F7-7A45-499D-B345-D9C082932BBA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*", matchCriteriaId: "CBBD7A90-4F97-4DFD-B8E6-F24A9B72A1C0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "87C6DCE0-5F40-4F50-8538-29CFF2DCC9EA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*", matchCriteriaId: "BECA9FA7-887B-4ECC-AA23-F75F96E42CB3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "CFD6D448-337E-4A63-8BE2-4DFC50AE7413", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "33F2625D-0750-4ED1-8BA7-8141D8B7FB01", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "A7D6DD58-62F3-4727-9AC1-E6B5EA71BB89", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "33991587-174F-48D9-821D-BF44CF24924D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*", matchCriteriaId: "18B8D15F-0286-4D64-96F8-D213E241813E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "EB8483C1-6586-4936-8BF8-ECE3F0F4D5F5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "A9318551-C41F-46E9-A196-5C01EAE276F4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "5030E129-0401-457B-B4FB-974AD5A0A948", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*", matchCriteriaId: "74DAFF5A-7090-427F-A69E-2E90456485C1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "8EB26A23-108E-4F39-84E3-2F1C197C8CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*", matchCriteriaId: "DF57D557-B1B9-4B2E-81A5-B23C1A8521E1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*", matchCriteriaId: "E37E20B2-B678-45C1-9EF9-7D65172B485F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "722042FB-CFE5-4DE8-A196-65D2E035378F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "17CC4F0C-E69E-4FA5-8119-D71AD9C13E63", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*", matchCriteriaId: "B8DA03F6-8EF8-48E1-B4CF-A2B0CB6F1DEC", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "50FB7952-0CED-4A64-A435-D588CA661630", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "8343B084-2009-44F2-B36C-C66719BBB1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "2574DD71-36A4-47AE-ABC3-D05D36FF8F02", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*", matchCriteriaId: "B9D787C9-F37B-4193-A34F-080F7410BFA7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "55FB4705-D709-42F0-A562-6C5A05E00EAE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "4503E624-DC7F-4C5E-B715-0EC4676CA1ED", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "340D8561-6110-49D8-BCDC-78A762FCD3E6", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "C61E9B3D-A39D-428E-A82F-5C4C225906C9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "423D3372-F910-4006-9FE8-49A6B730AEBE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*", matchCriteriaId: "02B0ED3C-4729-4C70-8F06-6B507ED75BEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "3CE0B4B2-CC4C-4F0F-B97E-A90C84377989", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "DC2E4C62-9867-4D14-85B3-95F359BD0551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125122:*:*:*:*:*:*", matchCriteriaId: "5042AD90-4DF1-4A5A-9317-017102515284", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "356A4F91-FA5B-4A09-841E-A380F580BA88", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "CBBDC611-498B-4175-9A88-5914ED6D3A9E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*", matchCriteriaId: "10F3C9AD-9C1B-4FBD-8325-B56FCF96FFE8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "F4EE5C24-C4AE-4F9D-B808-8930102A1389", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*", matchCriteriaId: "E0F45A48-5006-4748-B683-6C7CB469286A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*", matchCriteriaId: "9796C62A-8FCA-4E1E-855E-7D67F77C9AD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "1A1AC2FD-91BA-4B78-BB14-B9F2CEB09071", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*", matchCriteriaId: "A4B99FDC-EC68-4006-B359-E845AEF72FA1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "240A8575-F963-4DB4-B9C6-BE584A2F8271", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "B97F1BEE-F3C0-4DDD-B767-23C4BE9054AA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*", matchCriteriaId: "3B3482FA-9483-4EC7-9B09-E1BB63F02790", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "2600FBC5-8358-4126-88F2-00F3BEE9B537", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "FDD47CB0-3680-4ED9-821C-B673EACB953D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "D27B76C3-B8C8-48A6-AEF3-E9145B57EDA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*", matchCriteriaId: "6D77C576-035E-403B-A2B3-992496FAD202", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "70608921-F02A-4121-BE90-919DD68DD0D0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*", matchCriteriaId: "93C50660-6ECF-4353-A15A-4F7B0F06D33A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*", matchCriteriaId: "06D8864A-E6CC-4742-A2CF-B060E8DFA740", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*", matchCriteriaId: "D2572B3B-3BC4-4A83-92D5-8D7579821F4B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "0DD78F90-5231-4848-8971-9AB5ABBD2C33", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*", matchCriteriaId: "7C94C142-168F-421C-B00B-3F42AA1CC9D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*", matchCriteriaId: "77CE4835-6540-4CF6-A31C-255DA52BB073", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*", matchCriteriaId: "E0544AE8-92B3-43A7-8F42-299AED1A40CC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*", matchCriteriaId: "BEC805D2-CFDC-40DE-AA70-42A91461BEE6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*", matchCriteriaId: "4767BF5A-B867-44BB-B152-E2AFA63B06D2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*", matchCriteriaId: "5855C471-07AB-4A96-9631-26C6C8B01F67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*", matchCriteriaId: "5075910F-3676-439A-879A-5CBE2C734347", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*", matchCriteriaId: "20808F91-7F08-4BA9-9075-C54337EC68E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*", matchCriteriaId: "C700CE3B-31B5-4B4D-A378-70EC26D6F88B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "A05AFF4D-4EF9-4939-81CC-0AB55DA596F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*", matchCriteriaId: "86C3E31F-87E2-459F-8D1B-C6D1A237960D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*", matchCriteriaId: "A3E7FC26-0000-4D4B-B489-DF0E2CD2B13C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "13E6E0F9-9D03-4665-9C89-6BE62ADCB39C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "0DE52003-E959-420F-89A1-C86D8FB12DBF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*", matchCriteriaId: "6E9C9051-7FDE-4DEE-85DC-0798524DC17A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "5BE3598F-CEB4-4553-BB50-AA778BBF8BDF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "4C71852D-D529-469A-9111-6D4DB8381BD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*", matchCriteriaId: "EC3F7DA9-3FBF-4D67-8BA5-2643E706F64F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "53E2DF01-9A39-4E50-BEDE-D49988CE5CBD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "0015664D-11BC-4DEE-BC5B-DB3D1FE8DF82", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "8B49F887-4574-4B3C-A8A7-57F75B27447F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*", matchCriteriaId: "C1E93E4D-0E54-41DF-843A-E8AE94EAD0BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*", matchCriteriaId: "1617ADAD-2E13-4910-B600-3EC7E59B087C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "4E7B4955-F688-47DE-B1FF-D417EBDFF9C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*", matchCriteriaId: "5F982932-5513-411A-9CBF-3082C7ECEF0A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*", matchCriteriaId: "0B5378E9-D011-4B12-8DEE-442F22789C08", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*", matchCriteriaId: "8232CBA1-55DA-4F3C-A9E5-A204A25231C5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "253569A5-4A2E-4163-88DC-C0FE6B79E06E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "A30281F3-4DE2-4ED3-91A7-AE7A091C31E1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*", matchCriteriaId: "9222E54C-0A7C-4828-9917-7CFD7EE8BC59", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "85778DB3-87D9-4C6A-9149-C58C45913268", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*", matchCriteriaId: "3973EC75-A70A-475A-82BB-409992F09392", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*", matchCriteriaId: "14537D55-3ABE-423C-B320-6811292620AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*", matchCriteriaId: "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*", matchCriteriaId: "3E850CF4-9078-4E43-A87C-8323536E8CD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*", matchCriteriaId: "EC407852-45B1-47F4-A886-AF8B473A86D5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "DCB0C7A9-5511-4AC9-B5E4-74AAE6973E34", versionEndExcluding: "12.5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*", matchCriteriaId: "BDA5DDA4-A67C-4370-B41D-02755FCF1F6C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*", matchCriteriaId: "3D99CD97-1D6B-4C67-A909-E1CE28A78E10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*", matchCriteriaId: "70FEC14F-A53C-437C-981A-214B867142E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*", matchCriteriaId: "895E57EA-A8F6-425B-9D08-654E03B92B30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*", matchCriteriaId: "9EE0C771-B2F6-4766-82FD-203967CE37D7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*", matchCriteriaId: "0DCD6102-19F7-42D2-A81B-C85824CA351D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*", matchCriteriaId: "3C2C0A08-66BF-4FDC-A209-769234438844", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*", matchCriteriaId: "8DDC3649-12A9-41F3-A27D-646B5DF05E93", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*", matchCriteriaId: "4F037A2A-4B9A-4EBC-94E2-87502960FF20", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*", matchCriteriaId: "B15E99A3-989F-4EFD-BA26-DEC6992BD1CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*", matchCriteriaId: "B85BF117-503B-435F-8667-481D9AC7A788", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*", matchCriteriaId: "3AC2A038-F59B-4137-B02F-4C26E2EB9152", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*", matchCriteriaId: "F605C78F-8BE4-4E02-A7FB-CA9D24AFE7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*", matchCriteriaId: "15557A07-E0E9-40DB-B013-0F4AD9556BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*", matchCriteriaId: "79082C84-9F25-4A63-86AF-18CC4ADF71CE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*", matchCriteriaId: "A88678CE-DB64-4D66-8F2A-3C60058DC5CF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*", matchCriteriaId: "88009BAC-1ECF-4BA3-855F-96C8789E476E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*", matchCriteriaId: "E64F7B54-6B09-4B7E-B2AB-5EA73FD8E0AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*", matchCriteriaId: "2B94DFD2-374C-47A9-9D54-3FDB63197FFA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*", matchCriteriaId: "9B0330D9-1276-4228-BA7E-B9E3B828E5AE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*", matchCriteriaId: "89736956-D05D-437B-BC7A-850AA459C123", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*", matchCriteriaId: "63B26424-7292-4F37-B86F-2A4E0AD32B85", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*", matchCriteriaId: "2D2629FB-0A83-43CC-8C83-444036D05F7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*", matchCriteriaId: "4CFD99D1-CB43-437B-8E7D-6712DA5C9835", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*", matchCriteriaId: "6FEBA58F-E5B4-4B91-B78F-620C6EB9D3BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*", matchCriteriaId: "F9F9D406-FE99-45C0-B1C0-4DEB5E843FE5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*", matchCriteriaId: "F4B86974-C598-4E1A-9FF0-5AF9638C1AD0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*", matchCriteriaId: "C2838623-6F3F-417A-A644-FA226CCD8BB5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*", matchCriteriaId: "454EDD2A-E79A-4D46-B841-BE5EC12C63D5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*", matchCriteriaId: "1557A740-D19D-4220-9B3E-395EFCB86F9D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*", matchCriteriaId: "9C7DB404-A5C7-4EDB-BCB2-079A41E31428", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*", matchCriteriaId: "B738952C-DE7B-4C3D-85B9-ADBEDF007AFD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*", matchCriteriaId: "897D140C-20FF-454D-8928-B11FFC84C016", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*", matchCriteriaId: "18F93D7C-E8FC-4D4C-AEA0-C1187FB6D9D3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*", matchCriteriaId: "2E799367-7DC7-478D-948A-17D717507DC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*", matchCriteriaId: "74A5591E-75A4-4ACA-9C34-4907D645AA88", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*", matchCriteriaId: "0C67D5FC-5965-4AC1-80A5-931BE60B5E86", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*", matchCriteriaId: "139E25D9-A4C8-4041-ADF7-4618DFEEE8C7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*", matchCriteriaId: "6A65F3F7-45D3-49EB-9784-1F13FA2CBB0C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*", matchCriteriaId: "3795D2DE-622F-4C82-B133-0993A01AC1FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*", matchCriteriaId: "C0DB9896-BC25-46E3-AA6F-496A442BE525", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*", matchCriteriaId: "CE56A949-74AC-4138-8AD3-31F5763860EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*", matchCriteriaId: "4A3DB867-FD46-46EB-AEF0-2B6E79371AF6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*", matchCriteriaId: "7881FBB4-AC09-4EB9-B02F-3EA19237E095", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*", matchCriteriaId: "F391E432-98B8-4D97-8AD4-FB1A84FAF774", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*", matchCriteriaId: "61D908B2-446E-48EC-9F6B-91E8BF0F6A38", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*", matchCriteriaId: "FD5F28B0-580E-4CD4-917A-496D35AD271A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*", matchCriteriaId: "F0FC96AA-F2F4-4C35-8BF7-6318A2F624A0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*", matchCriteriaId: "6EA008F1-4E47-4753-8506-769B29AB5BA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*", matchCriteriaId: "7ED68CDE-1096-4490-8E6B-78F4AC2BB729", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*", matchCriteriaId: "34F8D9B7-3BD7-44C0-A292-162928729F36", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125606:*:*:*:*:*:*", matchCriteriaId: "ADFB3155-72F3-4DFA-BAE1-5725A40E6C8B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*", matchCriteriaId: "7446678C-E2DB-4EA2-BC9B-430C8EC7804B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*", matchCriteriaId: "33C57314-5503-48BD-9ED2-D76517C9C0F0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*", matchCriteriaId: "AC201C68-2C1D-4E75-9443-C5F853A37AB0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D6628EB7-96F6-48E3-8018-8F569972B811", versionEndExcluding: "12.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*", matchCriteriaId: "B64ADEEB-502D-4588-BD80-156124437AEB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*", matchCriteriaId: "2306C5F3-5413-4240-BAB6-E55849063A72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*", matchCriteriaId: "87F97A9E-2AB3-4121-B5A7-0AA25780D336", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*", matchCriteriaId: "AD049643-9546-4D39-BD26-79661205C110", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "B8AEEB49-1C45-4B88-81C1-A1425B7E99A2", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "E73FEA45-5AA3-4C49-91D3-E07A53E34515", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "8CA65161-0C0B-45E7-BBEA-FA214DBF964B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9097C0CA-001B-4604-BCDB-ED28AB292CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "C7F15A64-F15C-43E4-890A-7FEB0614C6DF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "378A2C19-6176-4E95-AB9C-B60A1F1A1E87", versionEndExcluding: "7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*", matchCriteriaId: "1E01D48C-A95F-421E-A6FA-D299D6BE02B8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*", matchCriteriaId: "727BD3A4-F0E1-4656-A640-B32406324707", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7002:*:*:*:*:*:*", matchCriteriaId: "AC812003-B383-4E52-B9D3-90F4B0633C90", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7003:*:*:*:*:*:*", matchCriteriaId: "E6BE678E-EC68-478F-A4E0-73E032C88167", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7004:*:*:*:*:*:*", matchCriteriaId: "A5E373E7-9BB3-480F-A685-BAA7A9CD1BC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "CE99DDEC-EA8D-4E15-A227-30B242611078", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "52843587-34AD-4992-8E68-25CD02E247A3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "BC2FC98F-84FF-4C90-BD7C-20A4910BED44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9794CB33-4932-4AA6-AC8C-B9FB6AE233FC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "3CC0A1C9-2F24-422A-8478-95BDCE1EBE77", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14304:*:*:*:*:*:*", matchCriteriaId: "4E541BD1-3BB8-4807-BDF8-45B0916416D4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5FDF15FF-2561-4139-AC5E-4812584B1B03", versionEndExcluding: "4.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", matchCriteriaId: "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", matchCriteriaId: "52DDE5D9-28DE-446F-A402-7BE3C33A4B35", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", matchCriteriaId: "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", matchCriteriaId: "59675CC4-8A5C-4668-908C-0886B4B310DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", matchCriteriaId: "45084336-F1DC-4E5B-A45E-506A779985D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", matchCriteriaId: "1B2CC071-5BB3-4A25-88F2-DBC56B94D895", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*", matchCriteriaId: "E6FDF373-4711-4B72-A14E-CEB19301C40F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*", matchCriteriaId: "0E0F346C-0445-4D38-8583-3379962B540F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:*", matchCriteriaId: "18B78BDC-0EAA-4781-8D62-01E47AA3BF40", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*", matchCriteriaId: "A9EE7E99-B428-41EF-A693-7A316F695160", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4707D700-23C4-4BBD-9683-4E6D59989127", versionEndExcluding: "14.3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*", matchCriteriaId: "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14301:*:*:*:*:*:*", matchCriteriaId: "13A9F940-083E-451E-A330-877D67F617BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14302:*:*:*:*:*:*", matchCriteriaId: "9FE925DF-55E6-4E7F-B5CD-F5ED097BBBC0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14303:*:*:*:*:*:*", matchCriteriaId: "0031CF5C-78FE-4CB0-97CE-087C10A77EB0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", matchCriteriaId: "1478BFC3-A0B2-415B-BA1C-AA09D9451C93", versionEndExcluding: "5.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", matchCriteriaId: "41B34AA8-294A-48A9-8579-44EB7EE192F3", versionEndExcluding: "12.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.", }, { lang: "es", value: "Existe una vulnerabilidad de divulgación de información en varios productos ManageEngine que puede provocar la exposición de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde está instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contraseñas de la base de datos del producto. Esto permite al usuario acceder a la base de datos del producto ManageEngine.", }, ], id: "CVE-2023-6105", lastModified: "2025-02-13T18:16:03.270", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "vulnreport@tenable.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-15T21:15:08.490", references: [ { source: "vulnreport@tenable.com", url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, { source: "vulnreport@tenable.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.tenable.com/security/research/tra-2023-35", }, ], sourceIdentifier: "vulnreport@tenable.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "vulnreport@tenable.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-18 22:15
Modified
2024-11-21 04:22
Severity ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_analytics_plus:1.0:*:*:*:*:*:*:*", matchCriteriaId: "14FAD4FD-CD54-4FE7-A849-A4837D3413B1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:-:*:*:*:*:*:*:*", matchCriteriaId: "1DB71331-CB4A-41FD-AC26-90F833ED9D52", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*", matchCriteriaId: "643C7F9E-F838-421C-BB13-ECCFDF073C91", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.2:*:*:*:*:*:*:*", matchCriteriaId: "67C97619-847C-43B7-ADC8-B9B9833FA5DD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_firewall:12.0:*:*:*:*:*:*:*", matchCriteriaId: "5FCF81E8-5FEE-4178-9FB0-49CB377329BB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:5.6:*:*:*:*:*:*:*", matchCriteriaId: "ABCFC9E0-7B46-46AB-87D4-596993A15859", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2B2AF501-8A1A-4BB8-B796-0AFCF379B23A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:11.0:*:*:*:*:*:*:*", matchCriteriaId: "26D0B03D-B7B2-4E45-837A-C29DF895C065", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:11.0:*:*:*:*:*:*:*", matchCriteriaId: "AB014B4E-EB9B-4B71-9E9C-EB28E254FBB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.0:*:*:*:*:*:*:*", matchCriteriaId: "2F7C3D36-6C00-488D-B862-68EC243A9348", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*", matchCriteriaId: "11843753-531F-4D94-AC7F-F23D6EC8728F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_oputils:11.0:*:*:*:*:*:*:*", matchCriteriaId: "B1B6B47F-EE8C-49C7-B2FF-B886C2D68849", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:9.9:*:*:*:*:*:*:*", matchCriteriaId: "3E409911-AB1C-47CA-9E69-484B7E16FC17", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "DC1451EC-1F96-42AF-BEC9-0D370E827643", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "F64E8AC1-A456-46B8-8940-A200C328A7EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8AD30D38-181E-4397-98DF-A7BE8D745A10", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "457BE370-7CAF-4010-AC8C-A059F4892408", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:9.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D50F7EAA-D965-4C81-867C-FE4FC0DC9BB9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.", }, { lang: "es", value: "Varios productos Zoho ManageEngine sufren una escalada de privilegios locales debido a permisos inapropiados para el directorio %SYSTEMDRIVE%\\ManageEngine y sus subcarpetas. Además, los servicios asociados con dichos productos intentan ejecutar archivos binarios como sc.exe desde el directorio actual durante un inicio de sistema. Esto permitirá efectivamente a los usuarios no privilegiados escalar sus privilegios a NT AUTHORITY\\SYSTEM. Esto afecta a Desktop Central versión 10.0.380, EventLog Analyzer versión 12.0.2, ServiceDesk Plus versión 10.0.0, SupportCenter Plus versión 8.1, O365 Manager Plus versión 4.0, Mobile Device Manager Plus versión 9.0.0, Patch Connect Plus versión 9.0.0, Vulnerability Manager Plus versión 9.0.0 , Patch Manager Plus versión 9.0.0, OpManager versión 12.3, NetFlow Analyzer versión 11.0, OpUtils versión 11.0, Network Configuration Manager versión 11.0, FireWall versión 12.0, Key Manager Plus versión 5.6, Password Manager Pro versión 9.9, Analytics Plus versión 1.0 y Browser Security Plus.", }, ], id: "CVE-2019-12133", lastModified: "2024-11-21T04:22:17.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-18T22:15:12.027", references: [ { source: "cve@mitre.org", url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-427", }, { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-03-25 16:29
Modified
2024-11-21 03:35
Severity ?
Summary
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://labs.integrity.pt/advisories/cve-2017-9362 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.integrity.pt/advisories/cve-2017-9362 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "9164DE27-BE62-4EB3-B2F1-899A3D284DEC", versionEndExcluding: "9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.", }, { lang: "es", value: "ManageEngine ServiceDesk Plus en sus versiones anteriores a la 9312 contiene una inyección XML en los ítems de adición de configuración de la API CMDB.", }, ], id: "CVE-2017-9362", lastModified: "2024-11-21T03:35:55.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-03-25T16:29:03.177", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "https://labs.integrity.pt/advisories/cve-2017-9362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "https://labs.integrity.pt/advisories/cve-2017-9362", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-611", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-04-05 19:15
Modified
2024-11-21 06:51
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 13.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "2B9E0DBB-8A69-4887-9105-0A3568E353BE", versionEndIncluding: "12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "B0B75973-355C-447E-BBEA-18459A5736C8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organización", }, ], id: "CVE-2022-25245", lastModified: "2024-11-21T06:51:52.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-04-05T19:15:08.273", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", url: "https://raxis.com/blog/cve-2022-25245", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://raxis.com/blog/cve-2022-25245", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/cve-2022-25245.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-18 22:15
Modified
2024-11-21 05:00
Severity ?
Summary
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/eLeN3Re/CVE-2020-13154 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/eLeN3Re/CVE-2020-13154 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*", matchCriteriaId: "298623A4-60DF-41F6-B2FD-ED84E6D2C06C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.", }, { lang: "es", value: "Zoho ManageEngine Service Plus versiones anteriores a 11.1 build 11112, permite a usuarios autenticados con pocos privilegios detectar la contraseña de File Protection mediante una llamada de getFileProtectionSettings a AjaxServlet.", }, ], id: "CVE-2020-13154", lastModified: "2024-11-21T05:00:45.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-18T22:15:12.907", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-13154", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gitlab.com/eLeN3Re/CVE-2020-13154", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-13 19:15
Modified
2024-11-21 05:27
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "816A3CCE-7BD4-4D3D-984B-6BCFE3E3769E", versionEndExcluding: "11.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*", matchCriteriaId: "523C554B-076C-4F59-A04B-92D57CDAF7E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*", matchCriteriaId: "3A85A576-6144-41DB-9ACF-1DD93D5A8852", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*", matchCriteriaId: "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*", matchCriteriaId: "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*", matchCriteriaId: "063D71A3-F1DF-486A-92E1-338C6D5C9E8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*", matchCriteriaId: "14A2C9CC-D434-41A7-A01A-03933675556A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*", matchCriteriaId: "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*", matchCriteriaId: "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*", matchCriteriaId: "DED26B68-E61F-4575-85AD-48EC2E128712", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*", matchCriteriaId: "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*", matchCriteriaId: "7AFCBA54-26E4-4C56-82BB-135FCA210419", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*", matchCriteriaId: "9B594A55-DBF5-4C3F-855F-843A7F26DFEF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*", matchCriteriaId: "53E10E88-28AE-4F01-AE6E-C76CB3309F69", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*", matchCriteriaId: "1909D29B-7532-4C60-9F16-BD310022E2A9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*", matchCriteriaId: "8B5FA504-BFA4-4740-A3C0-B917AF301E72", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*", matchCriteriaId: "2694C1E1-7596-4183-9B09-4BB5BA5C5551", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*", matchCriteriaId: "31A7FA61-399B-4778-828C-BB65548966AF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*", matchCriteriaId: "E33CAA7E-2F7B-4833-94F6-6C0F607903CD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*", matchCriteriaId: "81D5E4BB-41F6-46B7-98C7-43DE55785496", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*", matchCriteriaId: "8400D7D8-D03D-4A5C-B533-A640A648238D", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*", matchCriteriaId: "21E4107F-A0DC-4A53-9352-A442B563599C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*", matchCriteriaId: "42B90217-2981-4B2A-BB29-BF36F4C1494F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*", matchCriteriaId: "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*", matchCriteriaId: "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*", matchCriteriaId: "9E480891-A40B-4184-B06D-26EC583FBA41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*", matchCriteriaId: "8D8905CE-F981-4034-8193-533A4930D518", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*", matchCriteriaId: "79FBA595-2CDC-45E8-8840-34D17F09A5FB", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*", matchCriteriaId: "D462AC9D-8731-49D9-A760-5013B496C8C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*", matchCriteriaId: "332AB05B-3DC2-493F-8DB8-7DA93531D9BC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*", matchCriteriaId: "A9ED77FC-F359-48AA-8A48-4009B25992D4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*", matchCriteriaId: "98C4DC91-985F-413E-9F6F-27E93C1125E5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*", matchCriteriaId: "6841D87A-97FD-415B-931C-6407A36A1E96", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*", matchCriteriaId: "D1C4B37D-6983-430C-91C5-635D7EF51A5F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*", matchCriteriaId: "4E959106-3183-4D8A-888D-6379DC33234D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11134, permite una omisión de autenticación (solo durante el inicio de sesión SAML)", }, ], id: "CVE-2020-35682", lastModified: "2024-11-21T05:27:50.363", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-13T19:15:11.880", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-06 20:15
Modified
2025-03-06 16:15
Severity ?
Summary
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", matchCriteriaId: "258BF334-DE00-472D-BD94-C0DF8CDAF53C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", matchCriteriaId: "03A34ED3-EC89-4BE3-8A99-A5727A154672", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", matchCriteriaId: "4E84EF2B-37A5-4499-8C16-877E8AB8A731", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", matchCriteriaId: "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", matchCriteriaId: "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", matchCriteriaId: "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0F8049D8-8FE3-43CA-9568-AEA659776436", versionEndExcluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*", matchCriteriaId: "5CDE81A3-95A1-42FC-A526-5F343E73ABD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*", matchCriteriaId: "0575CC86-9321-4502-83C0-348DCE175EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*", matchCriteriaId: "D1B60D55-DE84-4BE8-A42D-98D133D3D228", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*", matchCriteriaId: "B79CA06A-17DE-429A-A3C9-4FC28E907318", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*", matchCriteriaId: "19C86206-29CB-4ABA-8979-19DF52B8CC1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "969E1FCF-76A0-40BC-A38F-56FCB713419F", versionEndExcluding: "13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*", matchCriteriaId: "79342FBF-8F53-4A9D-A021-6748FC42D777", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", matchCriteriaId: "298E6401-A9A9-43B6-901F-327944E0AF94", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*", matchCriteriaId: "0998F749-27E4-4C98-A027-939427640F8E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*", matchCriteriaId: "05694BAB-3210-47A6-8FAD-5AC84FBAD240", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*", matchCriteriaId: "DD0F5553-E56E-4DFC-BEE1-62872D078886", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13004:*:*:*:*:*:*", matchCriteriaId: "AE037B8B-AF47-454F-B8AC-F5E0E095E304", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "791D8E77-1A6B-4739-A6E6-BF91E978144E", versionEndExcluding: "11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", matchCriteriaId: "3AE43EA7-9AA1-4EA7-8840-22BD543A093C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", matchCriteriaId: "D788203D-B169-4C98-B090-B070630750DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", matchCriteriaId: "846EA6AB-9588-4D9F-AEBD-83B018BE7362", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", matchCriteriaId: "BDD540F2-C964-40DE-91AB-DE726AAA82A8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", matchCriteriaId: "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", matchCriteriaId: "685783DB-DD06-4D9C-9E83-63449D5B60D9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", matchCriteriaId: "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", matchCriteriaId: "B980A72F-53E2-4FC1-AA25-743AE8650641", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", matchCriteriaId: "68289AE6-F348-401A-BE49-08889492B23B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", matchCriteriaId: "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", matchCriteriaId: "34C768E0-FF5B-413D-87B2-9D09F28F95DC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", matchCriteriaId: "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", matchCriteriaId: "B77031F5-E097-4549-BF5E-1D0718AB52B9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", matchCriteriaId: "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", matchCriteriaId: "3F1F21D7-08E8-4637-903B-4277399C0BD7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", matchCriteriaId: "97920D1C-62BA-4B10-9912-C2ED1C1B0313", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", matchCriteriaId: "023C6278-1FF9-4E79-8D95-32BE71701D37", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", matchCriteriaId: "34EFB9EF-269E-4A72-8357-2A54E8B78C84", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", matchCriteriaId: "35366F60-D6E2-4B29-B593-D24079CE6831", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", matchCriteriaId: "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", matchCriteriaId: "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", matchCriteriaId: "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", matchCriteriaId: "7F529DB6-4D30-49F8-BFE2-C10C1A899917", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", matchCriteriaId: "4EA25296-8163-4C98-A8CD-35834240308E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", matchCriteriaId: "33D51403-A976-4EA3-AA23-C699E03239E2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", matchCriteriaId: "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11026:*:*:*:*:*:*", matchCriteriaId: "C83DD7D3-C3AF-4E56-B38E-B1C5F3EABCD8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11027:*:*:*:*:*:*", matchCriteriaId: "A940CD15-8270-4935-9C46-9684E7735C99", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.", }, ], id: "CVE-2023-26600", lastModified: "2025-03-06T16:15:40.740", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-06T20:15:09.913", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-269", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-06 22:15
Modified
2024-11-21 07:51
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", matchCriteriaId: "A6DEEF51-0977-4061-9919-803DFD144E10", versionEndExcluding: "6.9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*", matchCriteriaId: "258BF334-DE00-472D-BD94-C0DF8CDAF53C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", matchCriteriaId: "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", matchCriteriaId: "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", matchCriteriaId: "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", matchCriteriaId: "B293513C-9ECB-4512-B1B8-A470C6115458", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", matchCriteriaId: "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", matchCriteriaId: "9B708143-01B3-45D0-A769-E1D8E99237B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", matchCriteriaId: "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", matchCriteriaId: "4E528B83-1539-4516-9ACF-A05E853014DF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", matchCriteriaId: "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", matchCriteriaId: "7FAF3DFA-78FB-417C-808A-507F66889913", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", matchCriteriaId: "E9506197-CDDA-451B-9FE3-72B3C3BA19EF", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", matchCriteriaId: "691DF8EC-6A7A-4449-8A4C-79F76726D685", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", matchCriteriaId: "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", matchCriteriaId: "E1BD2753-52B8-4EB0-8332-C67935FB8B47", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", matchCriteriaId: "E8BD08BF-4E5D-4DE4-A499-B0296C126599", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", matchCriteriaId: "F13CB227-496C-4777-BE76-27AFF5ED15C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", matchCriteriaId: "2AB1DF8F-3385-40C6-92C5-10724F8A6911", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", matchCriteriaId: "C1997DE8-8CFA-4882-9107-741B88339A67", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", matchCriteriaId: "148F6458-136D-4612-9619-F51AEEC11AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", matchCriteriaId: "8B189696-D6BC-475B-90CA-AF122224FEAA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", matchCriteriaId: "477C97EC-A497-4C7C-973B-2C057A9242AD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", matchCriteriaId: "284F5D9D-F23F-4936-B461-10701CC3AB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", matchCriteriaId: "74CE0145-F165-4FB4-A819-01B30641196A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", matchCriteriaId: "CA291C44-616B-45D9-9709-61CD33E8B135", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", matchCriteriaId: "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", matchCriteriaId: "DCF1B243-DA58-42CD-9DF4-6D4A010796D8", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", matchCriteriaId: "2B73FD0F-6B48-406E-AB29-606CC07C81C2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", matchCriteriaId: "CED2C49D-DB96-4495-BD6F-460871D94EDA", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", matchCriteriaId: "C9AAC638-1379-4F87-9BA3-07CE16CAB98A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", matchCriteriaId: "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", matchCriteriaId: "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*", matchCriteriaId: "03A34ED3-EC89-4BE3-8A99-A5727A154672", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*", matchCriteriaId: "4E84EF2B-37A5-4499-8C16-877E8AB8A731", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*", matchCriteriaId: "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*", matchCriteriaId: "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*", matchCriteriaId: "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "0F8049D8-8FE3-43CA-9568-AEA659776436", versionEndExcluding: "14.1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*", matchCriteriaId: "5CDE81A3-95A1-42FC-A526-5F343E73ABD2", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*", matchCriteriaId: "0575CC86-9321-4502-83C0-348DCE175EEC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*", matchCriteriaId: "D1B60D55-DE84-4BE8-A42D-98D133D3D228", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*", matchCriteriaId: "B79CA06A-17DE-429A-A3C9-4FC28E907318", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*", matchCriteriaId: "19C86206-29CB-4ABA-8979-19DF52B8CC1A", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "E427ED35-3804-4448-BADE-6DD1E80D093F", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "6E368AC5-E3A5-44CE-8B6E-2454493764E4", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "5563D0F3-ACFD-4F79-8428-12EF982E0F5F", versionEndExcluding: "14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*", matchCriteriaId: "B46588F2-4258-44C7-BCBE-40975D4CE27D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).", }, ], id: "CVE-2023-26601", lastModified: "2024-11-21T07:51:50.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-06T22:15:09.877", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://manageengine.com", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-17 04:29
Modified
2025-03-14 18:24
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107129 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46413/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107129 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46413/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 | |
| zohocorp | manageengine_servicedesk_plus | 10.0.0 |
{ cisaActionDue: "2022-05-03", cisaExploitAdd: "2021-11-03", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "4EAFC388-E113-4972-8B2F-B5E2DE249A7E", versionEndExcluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*", matchCriteriaId: "97CABEC7-2B76-4B17-B906-1CB2B49515A1", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*", matchCriteriaId: "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*", matchCriteriaId: "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*", matchCriteriaId: "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*", matchCriteriaId: "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*", matchCriteriaId: "01754D60-5592-4193-A2DF-4CE12D30CF24", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*", matchCriteriaId: "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*", matchCriteriaId: "21DC1DA3-012F-4AF2-B6CA-968E50A503EC", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*", matchCriteriaId: "9DE94B05-7B6A-4912-8590-D9C1791F9B68", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*", matchCriteriaId: "16C27699-4157-4473-9FB3-01151B3E21F3", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*", matchCriteriaId: "F9AC6EC8-E1CA-4889-8AF8-482649CF2139", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*", matchCriteriaId: "4186B73E-0E0F-48E1-9A51-B90E228BDA14", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*", matchCriteriaId: "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.", }, { lang: "es", value: "Zoho ManageEngine ServiceDesk Plus (SDP), en versiones anteriores a la 10.0 build 10012, permite que los atacantes remotos suban archivos arbitrarios mediante la personalización de la página de inicio.", }, ], id: "CVE-2019-8394", lastModified: "2025-03-14T18:24:37.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2019-02-17T04:29:00.330", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107129", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46413/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/107129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46413/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-434", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12542 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12542 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*", matchCriteriaId: "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.", }, { lang: "es", value: "Se descubrió un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a través del parámetro UserConfigID de SearchN.do.", }, ], id: "CVE-2019-12542", lastModified: "2024-11-21T04:23:04.267", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-06-05T15:29:01.530", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12542", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/tarantula-team/CVE-2019-12542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/readme.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-23 15:15
Modified
2024-08-30 18:15
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "634F72F5-4770-47AC-B0E1-D04190B7B22D", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*", matchCriteriaId: "34019F05-EB3F-4ACF-B46A-2ACD7D47F60F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "BB8FD5AF-A4AB-4D07-892C-07F3DF1D68F5", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*", matchCriteriaId: "6E89A676-2FA1-4B92-89DA-67678F803C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "EB3DD0B2-ABBE-489E-B2A1-53E387996F58", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*", matchCriteriaId: "C6C2D0B5-AE61-4B74-AA50-3E7BFFB41761", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.", }, { lang: "es", value: "Una vulnerabilidad de Cross-Site Scripting Almacenado afecta a Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP y SupportCenter Plus. Este problema afecta a las versiones de ServiceDesk Plus: hasta 14810; ServiceDesk Plus MSP: hasta 14800; SupportCenter Plus: hasta 14800.", }, ], id: "CVE-2024-38869", lastModified: "2024-08-30T18:15:07.150", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.5, source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-23T15:15:15.843", references: [ { source: "0fc0942c-577d-436f-ae8e-945763c79b02", url: "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html", }, ], sourceIdentifier: "0fc0942c-577d-436f-ae8e-945763c79b02", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-23 15:15
Modified
2024-08-27 14:35
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "634F72F5-4770-47AC-B0E1-D04190B7B22D", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*", matchCriteriaId: "34019F05-EB3F-4ACF-B46A-2ACD7D47F60F", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", matchCriteriaId: "BB8FD5AF-A4AB-4D07-892C-07F3DF1D68F5", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*", matchCriteriaId: "6E89A676-2FA1-4B92-89DA-67678F803C2B", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", matchCriteriaId: "EB3DD0B2-ABBE-489E-B2A1-53E387996F58", versionEndIncluding: "14.7", vulnerable: true, }, { criteria: "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*", matchCriteriaId: "C6C2D0B5-AE61-4B74-AA50-3E7BFFB41761", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.", }, { lang: "es", value: "Una vulnerabilidad de Cross-Site Scripting Almacenado en el módulo de solicitud afecta a Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP y SupportCenter Plus. Este problema afecta a las versiones de ServiceDesk Plus: hasta 14810; ServiceDesk Plus MSP: hasta 14800; SupportCenter Plus: hasta 14800.", }, ], id: "CVE-2024-41150", lastModified: "2024-08-27T14:35:09.013", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-23T15:15:16.120", references: [ { source: "0fc0942c-577d-436f-ae8e-945763c79b02", tags: [ "Vendor Advisory", ], url: "https://www.manageengine.com/products/service-desk/CVE-2024-41150.html", }, ], sourceIdentifier: "0fc0942c-577d-436f-ae8e-945763c79b02", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "0fc0942c-577d-436f-ae8e-945763c79b02", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }