Vulnerabilites related to zohocorp - manageengine_servicedesk_plus
cve-2023-23073
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:39.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23073",
"datePublished": "2023-02-01T00:00:00",
"dateReserved": "2023-01-11T00:00:00",
"dateUpdated": "2024-08-02T10:28:39.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14048
Vulnerability from cvelistv5
Published
2020-06-12 01:41
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://gitlab.com/eLeN3Re/CVE-2020-14048 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-14048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-15T04:09:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-14048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"name": "https://gitlab.com/eLeN3Re/CVE-2020-14048",
"refsource": "MISC",
"url": "https://gitlab.com/eLeN3Re/CVE-2020-14048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14048",
"datePublished": "2020-06-12T01:41:42",
"dateReserved": "2020-06-12T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12252
Vulnerability from cvelistv5
Published
2019-05-21 17:24
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tuyenhva/CVE-2019-12252 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108456 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:38.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tuyenhva/CVE-2019-12252"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html"
},
{
"name": "108456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution\u0026mode=E-Mail\u0026notifyTo=SOLFORWARD\u0026id= substring."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-27T07:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tuyenhva/CVE-2019-12252"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html"
},
{
"name": "108456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution\u0026mode=E-Mail\u0026notifyTo=SOLFORWARD\u0026id= substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tuyenhva/CVE-2019-12252",
"refsource": "MISC",
"url": "https://github.com/tuyenhva/CVE-2019-12252"
},
{
"name": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html"
},
{
"name": "108456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12252",
"datePublished": "2019-05-21T17:24:18",
"dateReserved": "2019-05-21T00:00:00",
"dateUpdated": "2024-08-04T23:17:38.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12542
Vulnerability from cvelistv5
Published
2019-06-05 14:25
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12542 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CVE-2019-12542"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T14:25:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CVE-2019-12542"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/CVE-2019-12542",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CVE-2019-12542"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12542",
"datePublished": "2019-06-05T14:25:33",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31160
Vulnerability from cvelistv5
Published
2021-06-29 13:10
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | x_refsource_CONFIRM | |
| https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T12:24:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521"
},
{
"name": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/",
"refsource": "MISC",
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31160",
"datePublished": "2021-06-29T13:10:16",
"dateReserved": "2021-04-14T00:00:00",
"dateUpdated": "2024-08-03T22:55:52.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8394
Vulnerability from cvelistv5
Published
2019-02-17 04:00
Modified
2025-02-04 20:23
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46413/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/107129 | vdb-entry, x_refsource_BID | |
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46413",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46413/"
},
{
"name": "107129",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107129"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-8394",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T20:23:35.077619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8394"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T20:23:40.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-25T10:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46413",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46413/"
},
{
"name": "107129",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107129"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46413",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46413/"
},
{
"name": "107129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107129"
},
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8394",
"datePublished": "2019-02-17T04:00:00.000Z",
"dateReserved": "2019-02-16T00:00:00.000Z",
"dateUpdated": "2025-02-04T20:23:40.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35403
Vulnerability from cvelistv5
Published
2022-07-12 21:56
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/cve-2022-35403.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:43.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-12T21:56:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35403",
"datePublished": "2022-07-12T21:56:46",
"dateReserved": "2022-07-08T00:00:00",
"dateUpdated": "2024-08-03T09:36:43.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12189
Vulnerability from cvelistv5
Published
2019-05-21 17:30
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tuyenhva/CVE-2019-12189 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tuyenhva/CVE-2019-12189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-23T17:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tuyenhva/CVE-2019-12189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tuyenhva/CVE-2019-12189",
"refsource": "MISC",
"url": "https://github.com/tuyenhva/CVE-2019-12189"
},
{
"name": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12189",
"datePublished": "2019-05-21T17:30:14",
"dateReserved": "2019-05-19T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9376
Vulnerability from cvelistv5
Published
2019-03-25 15:53
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.integrity.pt/advisories/cve-2017-9376/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/107558 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
},
{
"name": "107558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-26T06:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
},
{
"name": "107558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107558"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.integrity.pt/advisories/cve-2017-9376/",
"refsource": "MISC",
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
},
{
"name": "107558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107558"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9376",
"datePublished": "2019-03-25T15:53:20",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-35785
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T18:56:34.893304",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35785",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2023-06-16T00:00:00",
"dateUpdated": "2024-08-02T16:30:45.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40771
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40771",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-09-18T00:00:00",
"dateUpdated": "2024-08-03T12:28:42.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-10273
Vulnerability from cvelistv5
Published
2019-04-04 15:36
Modified
2024-08-04 22:17
Severity ?
EPSS score ?
Summary
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
References
| ▼ | URL | Tags |
|---|---|---|
| https://0x445.github.io/CVE-2019-10273/ | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46674/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:19.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0x445.github.io/CVE-2019-10273/"
},
{
"name": "46674",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46674/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-08T20:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://0x445.github.io/CVE-2019-10273/"
},
{
"name": "46674",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46674/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x445.github.io/CVE-2019-10273/",
"refsource": "MISC",
"url": "https://0x445.github.io/CVE-2019-10273/"
},
{
"name": "46674",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46674/"
},
{
"name": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10273",
"datePublished": "2019-04-04T15:36:47",
"dateReserved": "2019-03-29T00:00:00",
"dateUpdated": "2024-08-04T22:17:19.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-38869
Vulnerability from cvelistv5
Published
2024-08-23 14:07
Modified
2024-08-30 18:47
Severity ?
EPSS score ?
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ManageEngine | Endpoint Central |
Version: 0 Version: 0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "manageengine_endpoint_central",
"vendor": "zohocorp",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38869",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-30T18:31:53.529114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T18:47:26.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/?pos=EndpointCentral",
"defaultStatus": "unaffected",
"product": "Endpoint Central",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "11.3.2416.04",
"status": "affected",
"version": "0",
"versionType": "11.3.2416.04"
},
{
"lessThan": "11.3.2400.25",
"status": "affected",
"version": "0",
"versionType": "11.3.2400.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect authorization vulnerability in remote office deploy configurations.\u003c/span\u003e\u003cp\u003eThis issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T17:30:05.650Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Authorization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-38869",
"datePublished": "2024-08-23T14:07:46.792Z",
"dateReserved": "2024-06-20T13:15:39.620Z",
"dateUpdated": "2024-08-30T18:47:26.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13154
Vulnerability from cvelistv5
Published
2020-05-18 21:38
Modified
2024-08-04 12:11
Severity ?
EPSS score ?
Summary
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://gitlab.com/eLeN3Re/CVE-2020-13154 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:19.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-19T12:16:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"name": "https://gitlab.com/eLeN3Re/CVE-2020-13154",
"refsource": "MISC",
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13154",
"datePublished": "2020-05-18T21:38:13",
"dateReserved": "2020-05-18T00:00:00",
"dateUpdated": "2024-08-04T12:11:19.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12540
Vulnerability from cvelistv5
Published
2019-07-11 13:15
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T13:15:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12540",
"datePublished": "2019-07-11T13:15:36",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12539
Vulnerability from cvelistv5
Published
2019-07-11 13:16
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-11T13:16:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12539",
"datePublished": "2019-07-11T13:16:35",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12541
Vulnerability from cvelistv5
Published
2019-06-05 14:36
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12541 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CVE-2019-12541"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T14:36:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CVE-2019-12541"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/CVE-2019-12541",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CVE-2019-12541"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12541",
"datePublished": "2019-06-05T14:36:03",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-34197
Vulnerability from cvelistv5
Published
2023-07-07 00:00
Modified
2024-11-13 21:03
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T21:03:38.416283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T21:03:43.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34197",
"datePublished": "2023-07-07T00:00:00",
"dateReserved": "2023-05-30T00:00:00",
"dateUpdated": "2024-11-13T21:03:43.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-47966
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2024-09-13 17:58
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:02:36.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"tags": [
"x_transferred"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47966",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:59.744032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-01-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T17:58:23.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-11T19:33:35.401552",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47966",
"datePublished": "2023-01-18T00:00:00",
"dateReserved": "2022-12-26T00:00:00",
"dateUpdated": "2024-09-13T17:58:23.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26600
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:54.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26600",
"datePublished": "2023-03-06T00:00:00",
"dateReserved": "2023-02-26T00:00:00",
"dateUpdated": "2024-08-02T11:53:54.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-29443
Vulnerability from cvelistv5
Published
2023-04-26 00:00
Modified
2025-02-03 19:08
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:46.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T19:08:35.854169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T19:08:40.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29443",
"datePublished": "2023-04-26T00:00:00.000Z",
"dateReserved": "2023-04-06T00:00:00.000Z",
"dateUpdated": "2025-02-03T19:08:40.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-6843
Vulnerability from cvelistv5
Published
2020-01-23 13:34
Modified
2024-08-04 09:11
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sec-consult.com/en/vulnerability-lab/advisories/index.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Jan/32 | mailing-list, x_refsource_FULLDISC | |
| https://seclists.org/bugtraq/2020/Jan/34 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:11:05.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/32"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T19:41:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/32"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-6843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jan/32"
},
{
"name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/34"
},
{
"name": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
},
{
"name": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-6843",
"datePublished": "2020-01-23T13:34:01",
"dateReserved": "2020-01-11T00:00:00",
"dateUpdated": "2024-08-04T09:11:05.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7248
Vulnerability from cvelistv5
Published
2018-05-11 14:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104287 | vdb-entry, x_refsource_BID | |
| https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0 | x_refsource_MISC | |
| https://gitlab.com/e-sterling/cve-2018-7248 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104287"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/e-sterling/cve-2018-7248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user\u0027s logon domain if the accounts exists, or \u0027null\u0027 if it does not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "104287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104287"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/e-sterling/cve-2018-7248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user\u0027s logon domain if the accounts exists, or \u0027null\u0027 if it does not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104287"
},
{
"name": "https://medium.com/@esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0",
"refsource": "MISC",
"url": "https://medium.com/@esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0"
},
{
"name": "https://gitlab.com/e-sterling/cve-2018-7248",
"refsource": "MISC",
"url": "https://gitlab.com/e-sterling/cve-2018-7248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7248",
"datePublished": "2018-05-11T14:00:00",
"dateReserved": "2018-02-19T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23074
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23074",
"datePublished": "2023-02-01T00:00:00",
"dateReserved": "2023-01-11T00:00:00",
"dateUpdated": "2024-08-02T10:28:40.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12538
Vulnerability from cvelistv5
Published
2019-06-05 14:40
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12538 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CVE-2019-12538"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T14:40:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CVE-2019-12538"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/CVE-2019-12538",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CVE-2019-12538"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12538",
"datePublished": "2019-06-05T14:40:41",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46065
Vulnerability from cvelistv5
Published
2022-01-27 15:29
Modified
2024-08-04 05:02
Severity ?
EPSS score ?
Summary
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html | x_refsource_MISC | |
| https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:02:10.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-27T15:32:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"name": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md",
"refsource": "MISC",
"url": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46065",
"datePublished": "2022-01-27T15:29:46",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-08-04T05:02:10.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6105
Vulnerability from cvelistv5
Published
2023-11-15 20:57
Modified
2025-02-13 17:26
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | Service Desk Plus |
Version: 0 < 14304 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Service Desk Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Asset Explorer",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "7004",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Access Manager Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThan": "14304",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.\u003cbr\u003e"
}
],
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
}
],
"impacts": [
{
"capecId": "CAPEC-176",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-176 Configuration/Environment Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:58:04.015Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ManageEngine Information Disclosure in Multiple Products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2023-6105",
"datePublished": "2023-11-15T20:57:47.981Z",
"dateReserved": "2023-11-13T15:10:28.339Z",
"dateUpdated": "2025-02-13T17:26:03.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25245
Vulnerability from cvelistv5
Published
2022-04-05 18:27
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/cve-2022-25245.html | x_refsource_CONFIRM | |
| https://raxis.com/blog/cve-2022-25245 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raxis.com/blog/cve-2022-25245"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation\u0027s default currency name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-07T20:01:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raxis.com/blog/cve-2022-25245"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-25245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation\u0027s default currency name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://manageengine.com",
"refsource": "MISC",
"url": "https://manageengine.com"
},
{
"name": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html"
},
{
"name": "https://raxis.com/blog/cve-2022-25245",
"refsource": "MISC",
"url": "https://raxis.com/blog/cve-2022-25245"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-25245",
"datePublished": "2022-04-05T18:27:38",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-03T04:36:06.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5799
Vulnerability from cvelistv5
Published
2018-03-30 13:00
Modified
2024-08-05 05:47
Severity ?
EPSS score ?
Summary
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2018/Mar/58 | mailing-list, x_refsource_FULLDISC | |
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:55.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180327 ManageEngine Service Desk Plus \u003c 9403 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/58"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-30T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180327 ManageEngine Service Desk Plus \u003c 9403 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/58"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5799",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180327 ManageEngine Service Desk Plus \u003c 9403 Cross-Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/58"
},
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5799",
"datePublished": "2018-03-30T13:00:00",
"dateReserved": "2018-01-19T00:00:00",
"dateUpdated": "2024-08-05T05:47:55.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44526
Vulnerability from cvelistv5
Published
2021-12-23 14:57
Modified
2024-08-04 04:25
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:25:16.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T14:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44526",
"datePublished": "2021-12-23T14:57:02",
"dateReserved": "2021-12-02T00:00:00",
"dateUpdated": "2024-08-04T04:25:16.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15046
Vulnerability from cvelistv5
Published
2019-08-14 14:51
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html#10509 | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/17 | mailing-list, x_refsource_FULLDISC | |
| https://seclists.org/bugtraq/2019/Aug/37 | mailing-list, x_refsource_BUGTRAQ | |
| http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#10509"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/37"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T22:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#10509"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/37"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html#10509",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html#10509"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"name": "20190821 SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/37"
},
{
"name": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15046",
"datePublished": "2019-08-14T14:51:40",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-9362
Vulnerability from cvelistv5
Published
2019-03-25 15:54
Modified
2024-08-05 17:02
Severity ?
EPSS score ?
Summary
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
References
| ▼ | URL | Tags |
|---|---|---|
| https://labs.integrity.pt/advisories/cve-2017-9362 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T15:54:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.integrity.pt/advisories/cve-2017-9362",
"refsource": "MISC",
"url": "https://labs.integrity.pt/advisories/cve-2017-9362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9362",
"datePublished": "2019-03-25T15:54:17",
"dateReserved": "2017-06-02T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23078
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23078",
"datePublished": "2023-02-01T00:00:00",
"dateReserved": "2023-01-11T00:00:00",
"dateUpdated": "2024-08-02T10:28:40.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20080
Vulnerability from cvelistv5
Published
2021-04-09 17:21
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-11 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | ManageEngine ServiceDesk Plus |
Version: Before 11200 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ServiceDesk Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 11200"
}
]
},
{
"product": "ManageEngine AssetExplorer",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 6800"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated Stored Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-09T17:21:07",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ServiceDesk Plus",
"version": {
"version_data": [
{
"version_value": "Before 11200"
}
]
}
},
{
"product_name": "ManageEngine AssetExplorer",
"version": {
"version_data": [
{
"version_value": "Before 6800"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated Stored Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-11",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20080",
"datePublished": "2021-04-09T17:21:07",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-20081
Vulnerability from cvelistv5
Published
2021-06-10 11:01
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2021-22 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ManageEngine ServiceDesk Plus |
Version: Before 11205 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ManageEngine ServiceDesk Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Before 11205"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incomplete List of Disallowed Inputs leading to Authenticated Remote Command Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T11:01:56",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ManageEngine ServiceDesk Plus",
"version": {
"version_data": [
{
"version_value": "Before 11205"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incomplete List of Disallowed Inputs leading to Authenticated Remote Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-22",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20081",
"datePublished": "2021-06-10T11:01:56",
"dateReserved": "2020-12-17T00:00:00",
"dateUpdated": "2024-08-03T17:30:07.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40770
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40770",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-09-18T00:00:00",
"dateUpdated": "2024-08-03T12:28:42.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-44077
Vulnerability from cvelistv5
Published
2021-11-29 03:17
Modified
2025-02-04 19:30
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:17.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-44077",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:30:45.713677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44077"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:30:56.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-28T18:06:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
},
{
"name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013",
"refsource": "MISC",
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
},
{
"name": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44077",
"datePublished": "2021-11-29T03:17:45.000Z",
"dateReserved": "2021-11-20T00:00:00.000Z",
"dateUpdated": "2025-02-04T19:30:56.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15083
Vulnerability from cvelistv5
Published
2020-05-14 13:45
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/48473 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/48473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home \u003e Server \u003e \u003cworkstation\u003e \u003e software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-15T18:28:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/48473"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home \u003e Server \u003e \u003cworkstation\u003e \u003e software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"name": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"name": "https://www.exploit-db.com/exploits/48473",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/48473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15083",
"datePublished": "2020-05-14T13:45:08",
"dateReserved": "2019-08-15T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-35682
Vulnerability from cvelistv5
Published
2021-03-13 18:18
Modified
2024-08-04 17:09
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:14.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-13T18:18:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35682",
"datePublished": "2021-03-13T18:18:15",
"dateReserved": "2020-12-24T00:00:00",
"dateUpdated": "2024-08-04T17:09:14.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12543
Vulnerability from cvelistv5
Published
2019-06-05 14:15
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| https://github.com/tarantula-team/CVE-2019-12543 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tarantula-team/CVE-2019-12543"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T14:15:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tarantula-team/CVE-2019-12543"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "https://github.com/tarantula-team/CVE-2019-12543",
"refsource": "MISC",
"url": "https://github.com/tarantula-team/CVE-2019-12543"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12543",
"datePublished": "2019-06-05T14:15:54",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12133
Vulnerability from cvelistv5
Published
2019-06-18 21:27
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html | x_refsource_CONFIRM | |
| https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T18:00:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"name": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md",
"refsource": "MISC",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12133",
"datePublished": "2019-06-18T21:27:25",
"dateReserved": "2019-05-15T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8395
Vulnerability from cvelistv5
Published
2019-02-17 04:00
Modified
2024-08-04 21:17
Severity ?
EPSS score ?
Summary
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-17T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-8395",
"datePublished": "2019-02-17T04:00:00",
"dateReserved": "2019-02-16T00:00:00",
"dateUpdated": "2024-08-04T21:17:31.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37415
Vulnerability from cvelistv5
Published
2021-09-01 05:29
Modified
2025-02-03 15:47
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com | x_refsource_MISC | |
| https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:04.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37415",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T21:13:15.974037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37415"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T15:47:17.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-01T05:29:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com",
"refsource": "MISC",
"url": "https://www.manageengine.com"
},
{
"name": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37415",
"datePublished": "2021-09-01T05:29:11.000Z",
"dateReserved": "2021-07-23T00:00:00.000Z",
"dateUpdated": "2025-02-03T15:47:17.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15045
Vulnerability from cvelistv5
Published
2019-08-21 18:26
Modified
2024-08-05 00:34
Severity ?
EPSS score ?
Summary
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.manageengine.com/products/service-desk/readme.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2019/Aug/17 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-15045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T20:43:22.718803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T20:43:30.010Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor\u0027s position is that this is intended functionality"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-21T22:06:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor\u0027s position is that this is intended functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/service-desk/readme.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Aug/17",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"name": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15045",
"datePublished": "2019-08-21T18:26:18",
"dateReserved": "2019-08-14T00:00:00",
"dateUpdated": "2024-08-05T00:34:53.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-40772
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:28:42.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-40772",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-09-18T00:00:00",
"dateUpdated": "2024-08-03T12:28:42.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-26601
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:53:53.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://manageengine.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://manageengine.com"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-26601",
"datePublished": "2023-03-06T00:00:00",
"dateReserved": "2023-02-26T00:00:00",
"dateUpdated": "2024-08-02T11:53:53.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-23077
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-02 10:28
Severity ?
EPSS score ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:39.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator"
},
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23077",
"datePublished": "2023-02-01T00:00:00",
"dateReserved": "2023-01-11T00:00:00",
"dateUpdated": "2024-08-02T10:28:39.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41150
Vulnerability from cvelistv5
Published
2024-08-23 14:08
Modified
2024-08-23 14:38
Severity ?
EPSS score ?
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | ManageEngine | ServiceDesk Plus |
Version: 0 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T14:38:04.957325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:38:15.256Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.manageengine.com/products/service-desk/",
"defaultStatus": "unaffected",
"product": "ServiceDesk Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "14810",
"status": "affected",
"version": "0",
"versionType": "14810"
}
]
},
{
"collectionURL": "https://www.manageengine.com/products/service-desk/",
"defaultStatus": "unaffected",
"product": "ServiceDesk Plus MSP",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "14800",
"status": "affected",
"version": "0",
"versionType": "14810"
}
]
},
{
"collectionURL": "https://www.manageengine.com/products/service-desk/",
"defaultStatus": "unaffected",
"product": "SupportCenter Plus",
"vendor": "ManageEngine",
"versions": [
{
"lessThanOrEqual": "14800",
"status": "affected",
"version": "0",
"versionType": "14810"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.\u003c/span\u003e\u003cp\u003eThis issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.\u003c/p\u003e"
}
],
"value": "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp\u00a0ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T14:15:04.852Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "ManageEngine"
},
"references": [
{
"url": "https://www.manageengine.com/products/service-desk/CVE-2024-41150.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "ManageEngine",
"cveId": "CVE-2024-41150",
"datePublished": "2024-08-23T14:08:17.169Z",
"dateReserved": "2024-07-16T07:03:21.737Z",
"dateUpdated": "2024-08-23T14:38:15.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12538 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12538 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a trav\u00e9s del campo de b\u00fasqueda SiteLookup.do."
}
],
"id": "CVE-2019-12538",
"lastModified": "2024-11-21T04:23:03.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T15:29:01.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12538"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-23 15:15
Modified
2024-08-30 18:15
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "634F72F5-4770-47AC-B0E1-D04190B7B22D",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*",
"matchCriteriaId": "34019F05-EB3F-4ACF-B46A-2ACD7D47F60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8FD5AF-A4AB-4D07-892C-07F3DF1D68F5",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*",
"matchCriteriaId": "6E89A676-2FA1-4B92-89DA-67678F803C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3DD0B2-ABBE-489E-B2A1-53E387996F58",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*",
"matchCriteriaId": "C6C2D0B5-AE61-4B74-AA50-3E7BFFB41761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine Endpoint Central affected by\u00a0Incorrect authorization vulnerability in remote office deploy configurations.This issue affects Endpoint Central: before 11.3.2416.04 and before 11.3.2400.25."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting Almacenado afecta a Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP y SupportCenter Plus. Este problema afecta a las versiones de ServiceDesk Plus: hasta 14810; ServiceDesk Plus MSP: hasta 14800; SupportCenter Plus: hasta 14800."
}
],
"id": "CVE-2024-38869",
"lastModified": "2024-08-30T18:15:07.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-23T15:15:15.843",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"url": "https://www.manageengine.com/products/desktop-central/security-updates-config-access.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-27 16:15
Modified
2024-11-21 06:33
Severity ?
Summary
A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 11.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11306:*:*:*:*:*:*",
"matchCriteriaId": "B2DB18CB-A6BB-46FC-B869-44D7ACC2470D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en el Campo Secondary Email en Zoho ManageEngine ServiceDesk Plus versi\u00f3n 11.3 Build 11306, permite a atacantes inyectar c\u00f3digo JavaScript arbitrario"
}
],
"id": "CVE-2021-46065",
"lastModified": "2024-11-21T06:33:34.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-27T16:15:07.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/corrupted-brain/Findings/blob/main/ManageEngine%20XSS.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-29 04:15
Modified
2025-02-04 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
References
Impacted products
{
"cisaActionDue": "2021-12-15",
"cisaExploitAdd": "2021-12-01",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
"matchCriteriaId": "106A06E5-56E8-41D3-A059-7DA6737DABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
"matchCriteriaId": "401AEAD2-183D-4E55-94AD-D24A9BE46D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
"matchCriteriaId": "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
"matchCriteriaId": "417D6E6A-C16A-4A76-8D65-31340834233E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
"matchCriteriaId": "1A040A5B-8C2A-4557-AB5E-1427B0F1E889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
"matchCriteriaId": "207A81A8-02EF-4793-B047-46581BF7E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
"matchCriteriaId": "194BEECD-F877-4D28-A534-E965D69C9EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*",
"matchCriteriaId": "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
"matchCriteriaId": "7D130762-4B49-4089-99A1-FEFD6B76AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
"matchCriteriaId": "CDC33E6B-81E2-4A15-8889-2CD709CF5E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
"matchCriteriaId": "E08A077E-B1AA-432A-B37A-AA603C8CD1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
"matchCriteriaId": "69B73464-8627-4CCE-93CE-B312A9D7B35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
"matchCriteriaId": "51839FBE-A7E1-40FD-B44B-F9C8CA62E063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
"matchCriteriaId": "7BE9BFCC-04AB-4053-949C-B2860E7E43B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
"matchCriteriaId": "A2062399-67EA-4368-9629-60E4A59DDB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
"matchCriteriaId": "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*",
"matchCriteriaId": "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*",
"matchCriteriaId": "DEE7D305-0FA5-4126-A585-4FC1162AFA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*",
"matchCriteriaId": "05376518-DE14-45F7-9B60-F4B4CF7BD7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*",
"matchCriteriaId": "7FB2885F-308D-4AAC-9CD3-53150CC81C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
"matchCriteriaId": "188135EF-9821-4325-A34F-AB6F430F5DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
"matchCriteriaId": "DC971E05-D69B-4688-861D-3D6357726CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*",
"matchCriteriaId": "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*",
"matchCriteriaId": "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*",
"matchCriteriaId": "360C0396-E928-4FCB-BAD3-6246A3BCEE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*",
"matchCriteriaId": "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "702877AB-4E70-4E11-BBBF-F3B9670C39FB",
"versionEndIncluding": "10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*",
"matchCriteriaId": "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*",
"matchCriteriaId": "860EBABC-B252-4C73-97C6-57A67ED94492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*",
"matchCriteriaId": "71E4F529-B091-4565-B024-185174483A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*",
"matchCriteriaId": "FADCF801-93E0-430B-BD14-092ACE960D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*",
"matchCriteriaId": "97CD568D-AF18-42E7-8357-9AE2B279BEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*",
"matchCriteriaId": "9EB715EE-313B-4D62-A345-C4F7EB7C3DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*",
"matchCriteriaId": "B965016B-7584-4661-A8F3-C8EA3DB1E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*",
"matchCriteriaId": "DCF7199B-A66E-425B-9614-D8256C4C828D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*",
"matchCriteriaId": "81F583C7-CB76-430A-A7AC-F3E727E0A26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*",
"matchCriteriaId": "F33A3E84-F73B-4797-8A97-3F10F77BD631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*",
"matchCriteriaId": "724284CA-51FE-46E8-B90E-99C53615901B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*",
"matchCriteriaId": "8342A66C-4C0B-4FAE-987A-276CE126724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*",
"matchCriteriaId": "39C638A3-C8A1-4C2A-9B8F-39339F5674CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*",
"matchCriteriaId": "7BB0CD9F-5459-44A7-9AD1-A70D3208369B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*",
"matchCriteriaId": "7399A6B2-B0F2-4898-AC04-E50B508EA495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*",
"matchCriteriaId": "7793C1AC-38FA-4B31-BB78-004A519DD4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*",
"matchCriteriaId": "7C30D050-4BDC-46E6-819E-49898AD56BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*",
"matchCriteriaId": "AB7D8E3B-30C3-44C5-90B7-561F4E09830E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*",
"matchCriteriaId": "33960952-4461-4502-A2B5-364E22C96824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*",
"matchCriteriaId": "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*",
"matchCriteriaId": "AD1A9B14-02F0-4674-9032-73778271CACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*",
"matchCriteriaId": "9F64234B-85F7-45FE-9308-5C45F95EC4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*",
"matchCriteriaId": "9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*",
"matchCriteriaId": "1758E31C-9AD6-480F-B425-EA7776CDA1F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*",
"matchCriteriaId": "9506206D-1914-4FDD-AD81-5DACC07B6990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*",
"matchCriteriaId": "79283836-E9D6-4C54-9E3D-40FB586B9071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*",
"matchCriteriaId": "6AA91D46-40E8-4019-B993-80CFAC548F79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*",
"matchCriteriaId": "7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*",
"matchCriteriaId": "8EDCDA56-54A1-4D94-96FD-AD1064E15767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*",
"matchCriteriaId": "1A3E96BB-0EF9-4DAC-84EB-7496F7293D71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD6428C-9132-46B0-849B-DDDFA23B1C2B",
"versionEndIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecuci\u00f3n de c\u00f3digo remota no autenticada. Esto est\u00e1 relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuraci\u00f3n de Struts"
}
],
"id": "CVE-2021-44077",
"lastModified": "2025-02-04T20:15:44.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-11-29T04:15:06.737",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40771.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40771.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "79342FBF-8F53-4A9D-A021-6748FC42D777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*",
"matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure."
},
{
"lang": "es",
"value": "Las versiones 13010 y anteriores de Zoho ManageEngine ServiceDesk Plus son vulnerables a un ataque de Entidad Externa XML (XXE) que conduce a la divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2022-40771",
"lastModified": "2024-11-21T07:22:01.860",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-23T18:15:12.307",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40771.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-29 14:15
Modified
2024-11-21 06:05
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | Broken Link | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/ | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk-msp/readme.html#10521 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F10A782D-24BB-477D-B828-38FF8C008E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D82A926C-EDD8-4540-B6D0-695A16686511",
"versionEndExcluding": "10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*",
"matchCriteriaId": "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*",
"matchCriteriaId": "860EBABC-B252-4C73-97C6-57A67ED94492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*",
"matchCriteriaId": "71E4F529-B091-4565-B024-185174483A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*",
"matchCriteriaId": "FADCF801-93E0-430B-BD14-092ACE960D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*",
"matchCriteriaId": "97CD568D-AF18-42E7-8357-9AE2B279BEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*",
"matchCriteriaId": "9EB715EE-313B-4D62-A345-C4F7EB7C3DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*",
"matchCriteriaId": "B965016B-7584-4661-A8F3-C8EA3DB1E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*",
"matchCriteriaId": "DCF7199B-A66E-425B-9614-D8256C4C828D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*",
"matchCriteriaId": "81F583C7-CB76-430A-A7AC-F3E727E0A26D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*",
"matchCriteriaId": "F33A3E84-F73B-4797-8A97-3F10F77BD631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*",
"matchCriteriaId": "724284CA-51FE-46E8-B90E-99C53615901B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*",
"matchCriteriaId": "8342A66C-4C0B-4FAE-987A-276CE126724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*",
"matchCriteriaId": "39C638A3-C8A1-4C2A-9B8F-39339F5674CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*",
"matchCriteriaId": "7BB0CD9F-5459-44A7-9AD1-A70D3208369B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*",
"matchCriteriaId": "7399A6B2-B0F2-4898-AC04-E50B508EA495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*",
"matchCriteriaId": "7793C1AC-38FA-4B31-BB78-004A519DD4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*",
"matchCriteriaId": "7C30D050-4BDC-46E6-819E-49898AD56BFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*",
"matchCriteriaId": "AB7D8E3B-30C3-44C5-90B7-561F4E09830E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*",
"matchCriteriaId": "33960952-4461-4502-A2B5-364E22C96824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*",
"matchCriteriaId": "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*",
"matchCriteriaId": "AD1A9B14-02F0-4674-9032-73778271CACB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, permite a un atacante acceder a datos internos"
}
],
"id": "CVE-2021-31160",
"lastModified": "2024-11-21T06:05:12.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-29T14:15:08.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://excellium-services.com/cert-xlm-advisory/cve-2021-31160/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk-msp/readme.html#10521"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-04-09 18:15
Modified
2024-11-21 05:45
Severity ?
Summary
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-11 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-11 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1:-:*:*:*:*:*:*",
"matchCriteriaId": "94616708-8F58-4E87-BAE5-73133FE433D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5B4536B5-8263-4D00-A7A4-1B286BB7B311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*",
"matchCriteriaId": "24902805-615E-43C2-BB25-911B8D8ADE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*",
"matchCriteriaId": "554F4EA8-601E-42C4-A154-150EC217A1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*",
"matchCriteriaId": "92DFF866-8BF6-416D-BD33-EDA523D1E09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*",
"matchCriteriaId": "E4A0EC51-3D07-4227-A157-4CA204FD02BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*",
"matchCriteriaId": "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*",
"matchCriteriaId": "D2C44765-DC25-40B9-82D5-AC143821755B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*",
"matchCriteriaId": "937E95E7-E925-40FC-A112-6DA545EF6584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*",
"matchCriteriaId": "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*",
"matchCriteriaId": "B6B85248-1BD3-4648-B0B3-BD9E98A92A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*",
"matchCriteriaId": "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*",
"matchCriteriaId": "F58D17A3-7395-42CB-A6A1-3362AC37CD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*",
"matchCriteriaId": "98959391-6262-48D6-8546-C42A5D2489C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*",
"matchCriteriaId": "E07DD7A7-7D58-4615-ABA3-718088A897FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*",
"matchCriteriaId": "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*",
"matchCriteriaId": "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*",
"matchCriteriaId": "0E237ABD-4FB9-4DB9-94CE-69F01727799A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*",
"matchCriteriaId": "6DEF0341-D42E-4C47-8224-704DD41F7D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "577B5A33-FC1D-4334-882E-7007CBF264D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*",
"matchCriteriaId": "E2AEEE6B-0187-4D37-A042-170CBE780127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*",
"matchCriteriaId": "0070815C-273A-45A7-BD4A-F0A4553D326E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*",
"matchCriteriaId": "F81E4E47-E8DB-4983-8226-6C5E5A283EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*",
"matchCriteriaId": "4297FC42-1E40-4AAE-B492-AF29DA0C2979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*",
"matchCriteriaId": "04AA8545-FFFF-4731-BBFC-7BF577872F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*",
"matchCriteriaId": "D83ACA73-42A4-43CF-B099-9842C935A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*",
"matchCriteriaId": "74698925-CD1A-483D-9F72-DF95599E9150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*",
"matchCriteriaId": "1ADA7A20-BA3C-4537-8FB5-D5538C762790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*",
"matchCriteriaId": "E29931D8-5840-4796-92D3-FD30FAC633FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*",
"matchCriteriaId": "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*",
"matchCriteriaId": "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*",
"matchCriteriaId": "2FE60600-A21B-4153-8296-51EAA465CE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*",
"matchCriteriaId": "A14D0484-66C4-4EF5-9601-9E533FD0AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*",
"matchCriteriaId": "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*",
"matchCriteriaId": "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*",
"matchCriteriaId": "605575AD-C3C8-43A4-AB03-E9719F792324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*",
"matchCriteriaId": "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*",
"matchCriteriaId": "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*",
"matchCriteriaId": "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*",
"matchCriteriaId": "B2733446-DFA8-4B15-A50F-BB6E07D5927E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*",
"matchCriteriaId": "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*",
"matchCriteriaId": "744C7BC5-3053-493E-8F1E-52B875EA66F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*",
"matchCriteriaId": "24444021-610D-4EF2-BB1A-EB70CD2A5F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*",
"matchCriteriaId": "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*",
"matchCriteriaId": "004E66AE-F871-45D1-A47A-F27462167C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*",
"matchCriteriaId": "18248546-B217-47A3-8EC1-C71E4358F5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*",
"matchCriteriaId": "160FD535-5B72-4182-9828-725BAF335DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*",
"matchCriteriaId": "49692C35-49DC-4EE5-B360-16078A94D968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*",
"matchCriteriaId": "47A9D8FE-E92F-4136-B212-C42541653781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*",
"matchCriteriaId": "A266AC34-BDF8-4D65-82C9-85D69C509BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*",
"matchCriteriaId": "A2EFEE24-1C21-488E-B286-656D25B758BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*",
"matchCriteriaId": "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*",
"matchCriteriaId": "42C571A1-70D4-48DF-8037-31FE362AA7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*",
"matchCriteriaId": "768B75E8-7EAE-4AE6-98BB-A90193A678B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*",
"matchCriteriaId": "3150232F-41A2-4098-81F9-CEF1A60B2F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*",
"matchCriteriaId": "7850BA73-70CD-4047-AE49-56C5373E20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*",
"matchCriteriaId": "134755A0-28D8-4495-B443-A092C5C0E4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*",
"matchCriteriaId": "D4594C2E-E003-4586-BAF8-DC687347EFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*",
"matchCriteriaId": "06A9CD32-A6E3-4BFE-8501-FB63000731D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*",
"matchCriteriaId": "DBBB3BA2-0FEB-4883-B742-64C478A37B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*",
"matchCriteriaId": "793E9796-D53B-4293-9ECA-4B6EB8E217F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*",
"matchCriteriaId": "62244706-A31F-48B8-B35D-C4B0AABAC678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*",
"matchCriteriaId": "5DD600F0-DF69-474C-B2ED-8551BF9F25FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*",
"matchCriteriaId": "9D087887-925B-4D03-A04B-110D59A6BC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*",
"matchCriteriaId": "8556C499-F15B-4538-BE38-AD1112917F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*",
"matchCriteriaId": "9300D81A-196A-4C76-ACC1-FE063E1A8CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*",
"matchCriteriaId": "A7529CE5-C62D-4676-A2F2-15E76F66BD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*",
"matchCriteriaId": "E0C73A49-8143-4C35-95AB-31BB56C80438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*",
"matchCriteriaId": "3F1E996E-FB6A-4F65-9A48-52029627AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "71BB9EF4-882F-4339-A088-DFD3EE1296D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*",
"matchCriteriaId": "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*",
"matchCriteriaId": "977BF207-74F1-4D9D-BFF9-BF63469E260E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*",
"matchCriteriaId": "1EBB9679-E791-4926-9155-99C894F26EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*",
"matchCriteriaId": "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*",
"matchCriteriaId": "035C0A12-BB52-448B-8B34-C62083A60917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*",
"matchCriteriaId": "C74B8E40-88E9-495E-980E-20AA69BE4E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*",
"matchCriteriaId": "CF088327-2D8E-4409-852C-BFF68E6D7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*",
"matchCriteriaId": "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*",
"matchCriteriaId": "F7738BD7-CA9D-443B-A743-69B96243956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*",
"matchCriteriaId": "6801BD3B-5B95-410B-ABD8-3E1729856615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*",
"matchCriteriaId": "5F6F567B-E445-45B1-ACB6-C61628F39962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*",
"matchCriteriaId": "C066567A-E5A2-48CA-8EAF-2919FC499569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*",
"matchCriteriaId": "B060B925-FDE8-48B3-BF41-32E828ACC5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*",
"matchCriteriaId": "48C1DC18-3FA3-4709-8251-EB9AD370E529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*",
"matchCriteriaId": "8A46CF84-1258-4217-97E1-B387BAA40A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*",
"matchCriteriaId": "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*",
"matchCriteriaId": "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*",
"matchCriteriaId": "799B4970-767F-4207-AACF-2F1AAE09DE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*",
"matchCriteriaId": "068C757A-03A5-4AB2-825F-675028C8E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*",
"matchCriteriaId": "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*",
"matchCriteriaId": "412C04A6-F5FD-4EBB-8FCE-BE489D726352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*",
"matchCriteriaId": "842FF39B-7EC2-42AE-8B98-006D8E455A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5272F67C-EBCE-46B5-BF68-DB183704BE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*",
"matchCriteriaId": "DB4472B8-232E-4700-B376-2006005F0F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*",
"matchCriteriaId": "01A82F61-8882-419F-9715-3A636F5FBD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*",
"matchCriteriaId": "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*",
"matchCriteriaId": "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*",
"matchCriteriaId": "9B2EE162-C6DE-4182-93A0-021A5410E83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*",
"matchCriteriaId": "C420A37E-E89A-472D-B605-0943F21C0592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*",
"matchCriteriaId": "80BF4466-5244-4238-AD69-66697E5B30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*",
"matchCriteriaId": "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*",
"matchCriteriaId": "72D32098-2C3C-4EA0-BFE0-127DA43DF136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*",
"matchCriteriaId": "6CD17130-56ED-4460-844D-B877F7E9EB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*",
"matchCriteriaId": "67C76DD0-258A-4D39-8694-0191B608FDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*",
"matchCriteriaId": "0522B2B2-5647-46AF-AAAE-F86DDACA790B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*",
"matchCriteriaId": "524258FD-71A0-4E2D-BE58-2500944EDAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*",
"matchCriteriaId": "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*",
"matchCriteriaId": "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*",
"matchCriteriaId": "907FE1F5-9F3B-4B06-A89D-CA842BB956AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*",
"matchCriteriaId": "5707EB1A-2D06-4FDE-AC23-4EF391018423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*",
"matchCriteriaId": "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*",
"matchCriteriaId": "DF75E79B-5680-4E72-9597-12C9A32FB075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*",
"matchCriteriaId": "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*",
"matchCriteriaId": "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*",
"matchCriteriaId": "47B69879-E65E-4C31-AC89-C872AF7C7736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*",
"matchCriteriaId": "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*",
"matchCriteriaId": "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*",
"matchCriteriaId": "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*",
"matchCriteriaId": "D3177C32-5A5D-44B4-BD9B-A261EE536098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*",
"matchCriteriaId": "68922363-7E1B-42EE-8F29-F19F7AD54F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*",
"matchCriteriaId": "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*",
"matchCriteriaId": "B28D8431-61FF-4943-9EBE-C0C824B9206F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*",
"matchCriteriaId": "00F9A491-EDBB-4C72-A598-03AD807046AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*",
"matchCriteriaId": "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*",
"matchCriteriaId": "789190B8-4EAA-4D57-9B59-D30C2183E3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*",
"matchCriteriaId": "0655B57A-0A51-4541-AF81-EBA9E7A200A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*",
"matchCriteriaId": "CF4F0539-649F-41FD-8BB6-7158183A670C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*",
"matchCriteriaId": "8DD9A63F-309F-423F-98AB-86007CED2C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*",
"matchCriteriaId": "E7389397-03A6-48C6-98AC-7273E3CEF7D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*",
"matchCriteriaId": "CC5E6061-FC5D-4201-BD39-3862556F4E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*",
"matchCriteriaId": "0D33A187-CE61-4A39-8BF7-8A65871C54BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*",
"matchCriteriaId": "C42C7942-7F44-42A7-882E-D69CB93620E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*",
"matchCriteriaId": "11FD12A0-12FC-4D45-8F5A-86D039D5194A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*",
"matchCriteriaId": "A006266D-5686-4867-A9B9-BCAE40B69FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*",
"matchCriteriaId": "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "28144D4F-B106-466E-97FE-95792AF01EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*",
"matchCriteriaId": "45E23A86-2DFB-419B-AD19-1A63E0D12203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*",
"matchCriteriaId": "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*",
"matchCriteriaId": "2E3824C3-8B4C-4C52-AC13-3911BEE11A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*",
"matchCriteriaId": "52500AC3-F89B-4A95-8C44-B74DA14EF9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*",
"matchCriteriaId": "1A2C7747-9D88-4962-B8F6-0B4309D0F168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*",
"matchCriteriaId": "E788E5CD-4274-42A1-9974-30E0380D87F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*",
"matchCriteriaId": "BD942532-B9A1-4F7B-8E1B-C456516E7168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*",
"matchCriteriaId": "6F16D144-7DDA-4151-8763-FC846BF114EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*",
"matchCriteriaId": "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*",
"matchCriteriaId": "B70C28C0-77C2-4A77-8958-A055EB307008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*",
"matchCriteriaId": "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*",
"matchCriteriaId": "BD8C312B-8348-4476-B0C3-1544F2D378F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*",
"matchCriteriaId": "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*",
"matchCriteriaId": "2510E11A-992C-4ED7-9338-AF3B7BBA7160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*",
"matchCriteriaId": "778D0E3E-E77B-44BD-8155-5464405C8691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*",
"matchCriteriaId": "D708A96D-F89E-44D0-B655-6A8BD1D08B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*",
"matchCriteriaId": "4524947C-3F09-4DC7-BE0E-B695BC4C00EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*",
"matchCriteriaId": "FA1D85B3-8327-4032-96A1-CF3EAF477160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*",
"matchCriteriaId": "78B40A2C-6289-4581-AA84-58FF00DF8861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*",
"matchCriteriaId": "26C645F1-4C43-4D82-B223-2A037A154466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*",
"matchCriteriaId": "FA95FDD5-5530-4B25-9702-12A39FF49F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*",
"matchCriteriaId": "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*",
"matchCriteriaId": "27627445-9D74-4A82-80C1-17D32B7FF498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*",
"matchCriteriaId": "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*",
"matchCriteriaId": "3DA73624-42A9-4FB6-B04A-A06AAE3550AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*",
"matchCriteriaId": "488F83E8-B1C3-4FF9-82AA-6E849146716A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*",
"matchCriteriaId": "B68BF79E-EBB3-4427-AF00-818368FB2873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*",
"matchCriteriaId": "32795B52-2EBE-49D5-9CF2-7809E07D9773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*",
"matchCriteriaId": "BB5FB7E0-7480-4621-A891-F0B146362068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*",
"matchCriteriaId": "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*",
"matchCriteriaId": "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*",
"matchCriteriaId": "6939C42F-7B4E-4D63-B2A3-45624307AE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*",
"matchCriteriaId": "61804D75-F80A-4432-9872-3CCF74719AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*",
"matchCriteriaId": "84B391A6-11E1-4269-8697-1ED54420B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*",
"matchCriteriaId": "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*",
"matchCriteriaId": "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*",
"matchCriteriaId": "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*",
"matchCriteriaId": "0261CF58-FB52-40F2-AFB2-F48E9D9F3673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*",
"matchCriteriaId": "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*",
"matchCriteriaId": "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*",
"matchCriteriaId": "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*",
"matchCriteriaId": "551778C6-7F1F-425F-A6C9-5DB05B0A7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*",
"matchCriteriaId": "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*",
"matchCriteriaId": "B01B3E70-E529-4152-97B8-98CE35582BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*",
"matchCriteriaId": "81A265ED-AE4A-4458-81D1-CB8D7EE64442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*",
"matchCriteriaId": "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*",
"matchCriteriaId": "9A66E0C6-071B-4211-ADDD-0555222FEBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*",
"matchCriteriaId": "A4F3A38F-F263-49C0-BE02-8F8C06E11153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*",
"matchCriteriaId": "7995FB82-C17D-40A4-88E7-D2CB2D41F34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*",
"matchCriteriaId": "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*",
"matchCriteriaId": "BB66FAC9-E0D2-444E-9568-2556662B008B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*",
"matchCriteriaId": "EF1F53F4-CAA0-4529-A951-263C5FD00270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*",
"matchCriteriaId": "3F1F303C-DBAD-4019-833D-CC92CC3DF32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*",
"matchCriteriaId": "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*",
"matchCriteriaId": "03FA25BC-B64A-4424-B7D3-97644BDF2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*",
"matchCriteriaId": "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*",
"matchCriteriaId": "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*",
"matchCriteriaId": "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*",
"matchCriteriaId": "C410A5F5-2415-4767-B120-80645B211013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*",
"matchCriteriaId": "D261E9EC-EFFE-4206-A046-B66DFB8E696C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*",
"matchCriteriaId": "778FE067-DAE0-483F-8C73-78906F43ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*",
"matchCriteriaId": "5DB32A17-00B0-4424-88CD-C9C9253B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*",
"matchCriteriaId": "F1E09302-1460-4909-8DA7-5904C448CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*",
"matchCriteriaId": "A4E0DF6C-1980-4634-9A10-740895379369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*",
"matchCriteriaId": "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D82AD-4041-489A-B6BC-9122A5C4284D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97CABEC7-2B76-4B17-B906-1CB2B49515A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*",
"matchCriteriaId": "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*",
"matchCriteriaId": "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*",
"matchCriteriaId": "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*",
"matchCriteriaId": "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*",
"matchCriteriaId": "01754D60-5592-4193-A2DF-4CE12D30CF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*",
"matchCriteriaId": "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*",
"matchCriteriaId": "21DC1DA3-012F-4AF2-B6CA-968E50A503EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*",
"matchCriteriaId": "9DE94B05-7B6A-4912-8590-D9C1791F9B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*",
"matchCriteriaId": "16C27699-4157-4473-9FB3-01151B3E21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*",
"matchCriteriaId": "F9AC6EC8-E1CA-4889-8AF8-482649CF2139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*",
"matchCriteriaId": "4186B73E-0E0F-48E1-9A51-B90E228BDA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*",
"matchCriteriaId": "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*",
"matchCriteriaId": "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*",
"matchCriteriaId": "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*",
"matchCriteriaId": "1CD8BB75-E9F0-4675-835B-131C1B459138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*",
"matchCriteriaId": "32CFCFEF-FA96-405A-AF7A-A652371A44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*",
"matchCriteriaId": "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*",
"matchCriteriaId": "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*",
"matchCriteriaId": "9B48D8ED-0539-402C-92A0-0BE8F88ABA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*",
"matchCriteriaId": "20604986-B662-4553-A481-9AC2979C2871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*",
"matchCriteriaId": "FF77ADEA-AC44-49FF-BA41-C130FFD01F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*",
"matchCriteriaId": "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F10A782D-24BB-477D-B828-38FF8C008E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*",
"matchCriteriaId": "EF3B542D-DC8F-4717-B0A8-4466BED2D113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*",
"matchCriteriaId": "982C13E3-8FFD-4112-8866-76C8318BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*",
"matchCriteriaId": "300DBEAF-859F-4EBC-919D-0FEDF83CF60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*",
"matchCriteriaId": "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*",
"matchCriteriaId": "E8DF283F-EC49-4930-9319-55562EE1274D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*",
"matchCriteriaId": "58C762E2-9B16-4398-A130-5F7AE4171C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*",
"matchCriteriaId": "CB6C1D7E-00AA-421F-9937-78A837AD41E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*",
"matchCriteriaId": "100F898D-525D-4EC1-802D-63BA0EF5690A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*",
"matchCriteriaId": "259A3358-86C4-49AB-A113-F000AC076497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*",
"matchCriteriaId": "897FFAD7-D739-4F54-B496-726DA42D1B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*",
"matchCriteriaId": "D7DDEBCC-8375-4209-883C-CBF669F71DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*",
"matchCriteriaId": "230A0B00-DE83-472A-A6F9-91DEF51C3756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*",
"matchCriteriaId": "8DB3456E-E1AB-497E-80C4-4B039445146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*",
"matchCriteriaId": "B86DFA37-FBBF-46A7-9350-C97A15514290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*",
"matchCriteriaId": "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BD81D0B5-4C34-4260-A35C-225BBCA3D71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "01F753C4-11F6-4F65-8C38-3A308AA577E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "330149F0-BBE4-4890-B1A8-E96666927802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "D79D1272-025B-40E2-BE9D-141577DC1FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "725B0345-D7BD-4302-B81A-C17115FF1070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "2D0E9A21-D7CB-4129-925F-9D3105071FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "01750E0E-29E5-4FFA-8194-813FA363467E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*",
"matchCriteriaId": "53E10E88-28AE-4F01-AE6E-C76CB3309F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*",
"matchCriteriaId": "1909D29B-7532-4C60-9F16-BD310022E2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*",
"matchCriteriaId": "8B5FA504-BFA4-4740-A3C0-B917AF301E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*",
"matchCriteriaId": "2694C1E1-7596-4183-9B09-4BB5BA5C5551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*",
"matchCriteriaId": "31A7FA61-399B-4778-828C-BB65548966AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*",
"matchCriteriaId": "E33CAA7E-2F7B-4833-94F6-6C0F607903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11118:*:*:*:*:*:*",
"matchCriteriaId": "2B9E544F-F9B0-4B19-977F-3232FB9E2D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11119:*:*:*:*:*:*",
"matchCriteriaId": "67FF6912-9756-4858-A424-322AC9996018",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file."
},
{
"lang": "es",
"value": "Un saneamiento de salida insuficiente en ManageEngine ServiceDesk Plus versiones anteriores a 11200 y ManageEngine AssetExplorer versiones anteriores a 6800, permite a un atacante remoto no autenticado conducir ataques de tipo cross-site scripting (XSS) persistente al cargar un archivo de activos XML dise\u00f1ado"
}
],
"id": "CVE-2021-20080",
"lastModified": "2024-11-21T05:45:53.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-09T18:15:13.523",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-11"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F10A782D-24BB-477D-B828-38FF8C008E85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Purchase component of Zoho ManageEngine ServiceDesk Plus. There is XSS via the SearchN.do search field, a different vulnerability than CVE-2019-12189."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el componente Purchase de ManageEngine ServiceDesk Plus de Zoho. Se presenta un problema de tipo XSS por medio del campo de b\u00fasqueda SearchN.do, una vulnerabilidad diferente a CVE-2019-12189."
}
],
"id": "CVE-2019-12539",
"lastModified": "2024-11-21T04:23:03.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T14:15:11.333",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 03:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40770.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40770.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19B93A05-EDB4-4E02-926D-17E967ECBF91",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "B0B75973-355C-447E-BBEA-18459A5736C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*",
"matchCriteriaId": "7E45A9C9-EE09-493E-AE75-BACCD86B97EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*",
"matchCriteriaId": "4509077B-AD20-49B3-B23D-A0BC9E7A07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*",
"matchCriteriaId": "2B5066A4-D8F9-452D-9686-49B5B33EE326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*",
"matchCriteriaId": "A221A081-71CD-437F-9FE2-6A255A816BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*",
"matchCriteriaId": "883692B3-A95D-46F5-9E52-7694AF30CBAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*",
"matchCriteriaId": "D3C36A1A-9E47-4343-936A-711C7234D125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*",
"matchCriteriaId": "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*",
"matchCriteriaId": "702DC6C6-7EC3-4897-96E5-4F7DAED23170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:*",
"matchCriteriaId": "F4D2A501-3100-484B-A0B9-7BD10DB9D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:*",
"matchCriteriaId": "A2E24BFE-8EA8-4CDF-991B-A005E299518D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0647726-47C1-4CF5-91AA-E3E18776842C",
"versionEndExcluding": "10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "DD01521E-40B5-46D6-9A29-DABA18F11DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*",
"matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*",
"matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*",
"matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*",
"matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*",
"matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*",
"matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*",
"matchCriteriaId": "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*",
"matchCriteriaId": "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*",
"matchCriteriaId": "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*",
"matchCriteriaId": "3D0F1C6C-878B-4E5E-BE82-1FC0B17CEF3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*",
"matchCriteriaId": "C40C9186-B510-401C-B934-3432C80A38A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*",
"matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones 13010 y anteriores son vulnerables a la inyecci\u00f3n de comandos autenticados. Esto puede ser aprovechado por usuarios con altos privilegios."
}
],
"id": "CVE-2022-40770",
"lastModified": "2024-11-21T07:22:01.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-23T03:15:10.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40770.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-18 22:15
Modified
2024-11-21 04:22
Severity ?
Summary
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14FAD4FD-CD54-4FE7-A849-A4837D3413B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB71331-CB4A-41FD-AC26-90F833ED9D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*",
"matchCriteriaId": "643C7F9E-F838-421C-BB13-ECCFDF073C91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67C97619-847C-43B7-ADC8-B9B9833FA5DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCF81E8-5FEE-4178-9FB0-49CB377329BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC9E0-7B46-46AB-87D4-596993A15859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2AF501-8A1A-4BB8-B796-0AFCF379B23A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26D0B03D-B7B2-4E45-837A-C29DF895C065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB014B4E-EB9B-4B71-9E9C-EB28E254FBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7C3D36-6C00-488D-B862-68EC243A9348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11843753-531F-4D94-AC7F-F23D6EC8728F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B6B47F-EE8C-49C7-B2FF-B886C2D68849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3E409911-AB1C-47CA-9E69-484B7E16FC17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1451EC-1F96-42AF-BEC9-0D370E827643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F64E8AC1-A456-46B8-8940-A200C328A7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD30D38-181E-4397-98DF-A7BE8D745A10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "457BE370-7CAF-4010-AC8C-A059F4892408",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D50F7EAA-D965-4C81-867C-FE4FC0DC9BB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus."
},
{
"lang": "es",
"value": "Varios productos Zoho ManageEngine sufren una escalada de privilegios locales debido a permisos inapropiados para el directorio %SYSTEMDRIVE%\\ManageEngine y sus subcarpetas. Adem\u00e1s, los servicios asociados con dichos productos intentan ejecutar archivos binarios como sc.exe desde el directorio actual durante un inicio de sistema. Esto permitir\u00e1 efectivamente a los usuarios no privilegiados escalar sus privilegios a NT AUTHORITY\\SYSTEM. Esto afecta a Desktop Central versi\u00f3n 10.0.380, EventLog Analyzer versi\u00f3n 12.0.2, ServiceDesk Plus versi\u00f3n 10.0.0, SupportCenter Plus versi\u00f3n 8.1, O365 Manager Plus versi\u00f3n 4.0, Mobile Device Manager Plus versi\u00f3n 9.0.0, Patch Connect Plus versi\u00f3n 9.0.0, Vulnerability Manager Plus versi\u00f3n 9.0.0 , Patch Manager Plus versi\u00f3n 9.0.0, OpManager versi\u00f3n 12.3, NetFlow Analyzer versi\u00f3n 11.0, OpUtils versi\u00f3n 11.0, Network Configuration Manager versi\u00f3n 11.0, FireWall versi\u00f3n 12.0, Key Manager Plus versi\u00f3n 5.6, Password Manager Pro versi\u00f3n 9.9, Analytics Plus versi\u00f3n 1.0 y Browser Security Plus."
}
],
"id": "CVE-2019-12133",
"lastModified": "2024-11-21T04:22:17.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-18T22:15:12.027",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-007.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
},
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-23 15:15
Modified
2024-08-27 14:35
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "634F72F5-4770-47AC-B0E1-D04190B7B22D",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.8:14810:*:*:*:*:*:*",
"matchCriteriaId": "34019F05-EB3F-4ACF-B46A-2ACD7D47F60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8FD5AF-A4AB-4D07-892C-07F3DF1D68F5",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.8:14800:*:*:*:*:*:*",
"matchCriteriaId": "6E89A676-2FA1-4B92-89DA-67678F803C2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3DD0B2-ABBE-489E-B2A1-53E387996F58",
"versionEndIncluding": "14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.8:14800:*:*:*:*:*:*",
"matchCriteriaId": "C6C2D0B5-AE61-4B74-AA50-3E7BFFB41761",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Stored Cross-site Scripting vulnerability in request module affects Zohocorp\u00a0ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting Almacenado en el m\u00f3dulo de solicitud afecta a Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP y SupportCenter Plus. Este problema afecta a las versiones de ServiceDesk Plus: hasta 14810; ServiceDesk Plus MSP: hasta 14800; SupportCenter Plus: hasta 14800."
}
],
"id": "CVE-2024-41150",
"lastModified": "2024-08-27T14:35:09.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2,
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-23T15:15:16.120",
"references": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2024-41150.html"
}
],
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-30 13:29
Modified
2024-11-21 04:09
Severity ?
Summary
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/fulldisclosure/2018/Mar/58 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2018/Mar/58 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "176FD5D3-E780-4694-82AA-8499DFE64A88",
"versionEndExcluding": "9403",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139."
},
{
"lang": "es",
"value": "En Zoho ManageEngine ServiceDesk Plus en versiones anteriores a la 9403, un problema Cross-Site Scripting (XSS) permite que un atacante ejecute c\u00f3digo JavaScript arbitrario mediante un URI /api/request/?OPERATION_NAME=, tambi\u00e9n conocido como SD-69139."
}
],
"id": "CVE-2018-5799",
"lastModified": "2024-11-21T04:09:25.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-30T13:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/58"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2018/Mar/58"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 16:29
Modified
2024-11-21 03:35
Severity ?
Summary
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://labs.integrity.pt/advisories/cve-2017-9362 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.integrity.pt/advisories/cve-2017-9362 | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9164DE27-BE62-4EB3-B2F1-899A3D284DEC",
"versionEndExcluding": "9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API."
},
{
"lang": "es",
"value": "ManageEngine ServiceDesk Plus en sus versiones anteriores a la 9312 contiene una inyecci\u00f3n XML en los \u00edtems de adici\u00f3n de configuraci\u00f3n de la API CMDB."
}
],
"id": "CVE-2017-9362",
"lastModified": "2024-11-21T03:35:55.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T16:29:03.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9362"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-06 20:15
Modified
2024-11-21 07:51
Severity ?
Summary
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8049D8-8FE3-43CA-9568-AEA659776436",
"versionEndExcluding": "14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5CDE81A3-95A1-42FC-A526-5F343E73ABD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*",
"matchCriteriaId": "0575CC86-9321-4502-83C0-348DCE175EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*",
"matchCriteriaId": "D1B60D55-DE84-4BE8-A42D-98D133D3D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*",
"matchCriteriaId": "B79CA06A-17DE-429A-A3C9-4FC28E907318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*",
"matchCriteriaId": "19C86206-29CB-4ABA-8979-19DF52B8CC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "79342FBF-8F53-4A9D-A021-6748FC42D777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*",
"matchCriteriaId": "0998F749-27E4-4C98-A027-939427640F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*",
"matchCriteriaId": "05694BAB-3210-47A6-8FAD-5AC84FBAD240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*",
"matchCriteriaId": "DD0F5553-E56E-4DFC-BEE1-62872D078886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13004:*:*:*:*:*:*",
"matchCriteriaId": "AE037B8B-AF47-454F-B8AC-F5E0E095E304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*",
"matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11026:*:*:*:*:*:*",
"matchCriteriaId": "C83DD7D3-C3AF-4E56-B38E-B1C5F3EABCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11027:*:*:*:*:*:*",
"matchCriteriaId": "A940CD15-8270-4935-9C46-9684E7735C99",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports."
}
],
"id": "CVE-2023-26600",
"lastModified": "2024-11-21T07:51:49.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-06T20:15:09.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26600.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-06 22:15
Modified
2024-11-21 07:51
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8049D8-8FE3-43CA-9568-AEA659776436",
"versionEndExcluding": "14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5CDE81A3-95A1-42FC-A526-5F343E73ABD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*",
"matchCriteriaId": "0575CC86-9321-4502-83C0-348DCE175EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*",
"matchCriteriaId": "D1B60D55-DE84-4BE8-A42D-98D133D3D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*",
"matchCriteriaId": "B79CA06A-17DE-429A-A3C9-4FC28E907318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*",
"matchCriteriaId": "19C86206-29CB-4ABA-8979-19DF52B8CC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E427ED35-3804-4448-BADE-6DD1E80D093F",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "6E368AC5-E3A5-44CE-8B6E-2454493764E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5563D0F3-ACFD-4F79-8428-12EF982E0F5F",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "B46588F2-4258-44C7-BCBE-40975D4CE27D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS)."
}
],
"id": "CVE-2023-26601",
"lastModified": "2024-11-21T07:51:50.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-06T22:15:09.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-26601.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2024-11-21 07:45
Severity ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F47FA243-5596-4E18-B7FA-F3301F5ADF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "B0B75973-355C-447E-BBEA-18459A5736C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*",
"matchCriteriaId": "7E45A9C9-EE09-493E-AE75-BACCD86B97EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*",
"matchCriteriaId": "4509077B-AD20-49B3-B23D-A0BC9E7A07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*",
"matchCriteriaId": "2B5066A4-D8F9-452D-9686-49B5B33EE326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*",
"matchCriteriaId": "A221A081-71CD-437F-9FE2-6A255A816BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*",
"matchCriteriaId": "883692B3-A95D-46F5-9E52-7694AF30CBAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*",
"matchCriteriaId": "D3C36A1A-9E47-4343-936A-711C7234D125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*",
"matchCriteriaId": "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*",
"matchCriteriaId": "702DC6C6-7EC3-4897-96E5-4F7DAED23170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:*",
"matchCriteriaId": "F4D2A501-3100-484B-A0B9-7BD10DB9D14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:*",
"matchCriteriaId": "A2E24BFE-8EA8-4CDF-991B-A005E299518D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13011:*:*:*:*:*:*",
"matchCriteriaId": "93E24D9D-333B-4EAB-AD78-E568FE2C07EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13012:*:*:*:*:*:*",
"matchCriteriaId": "CF090E94-1878-400A-8E4E-26F2E1161A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment."
}
],
"id": "CVE-2023-23077",
"lastModified": "2024-11-21T07:45:50.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T20:15:12.170",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator"
},
{
"source": "cve@mitre.org",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006387693?tab=originator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23077.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-12 02:15
Modified
2024-11-21 05:02
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/eLeN3Re/CVE-2020-14048 | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/eLeN3Re/CVE-2020-14048 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5B4536B5-8263-4D00-A7A4-1B286BB7B311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*",
"matchCriteriaId": "24902805-615E-43C2-BB25-911B8D8ADE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*",
"matchCriteriaId": "554F4EA8-601E-42C4-A154-150EC217A1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*",
"matchCriteriaId": "92DFF866-8BF6-416D-BD33-EDA523D1E09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*",
"matchCriteriaId": "E4A0EC51-3D07-4227-A157-4CA204FD02BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*",
"matchCriteriaId": "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*",
"matchCriteriaId": "D2C44765-DC25-40B9-82D5-AC143821755B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*",
"matchCriteriaId": "937E95E7-E925-40FC-A112-6DA545EF6584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*",
"matchCriteriaId": "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*",
"matchCriteriaId": "B6B85248-1BD3-4648-B0B3-BD9E98A92A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*",
"matchCriteriaId": "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*",
"matchCriteriaId": "F58D17A3-7395-42CB-A6A1-3362AC37CD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*",
"matchCriteriaId": "98959391-6262-48D6-8546-C42A5D2489C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*",
"matchCriteriaId": "E07DD7A7-7D58-4615-ABA3-718088A897FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*",
"matchCriteriaId": "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*",
"matchCriteriaId": "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*",
"matchCriteriaId": "0E237ABD-4FB9-4DB9-94CE-69F01727799A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*",
"matchCriteriaId": "6DEF0341-D42E-4C47-8224-704DD41F7D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "577B5A33-FC1D-4334-882E-7007CBF264D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*",
"matchCriteriaId": "E2AEEE6B-0187-4D37-A042-170CBE780127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*",
"matchCriteriaId": "0070815C-273A-45A7-BD4A-F0A4553D326E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*",
"matchCriteriaId": "F81E4E47-E8DB-4983-8226-6C5E5A283EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*",
"matchCriteriaId": "4297FC42-1E40-4AAE-B492-AF29DA0C2979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*",
"matchCriteriaId": "04AA8545-FFFF-4731-BBFC-7BF577872F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*",
"matchCriteriaId": "D83ACA73-42A4-43CF-B099-9842C935A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*",
"matchCriteriaId": "74698925-CD1A-483D-9F72-DF95599E9150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*",
"matchCriteriaId": "1ADA7A20-BA3C-4537-8FB5-D5538C762790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*",
"matchCriteriaId": "E29931D8-5840-4796-92D3-FD30FAC633FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*",
"matchCriteriaId": "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*",
"matchCriteriaId": "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*",
"matchCriteriaId": "2FE60600-A21B-4153-8296-51EAA465CE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*",
"matchCriteriaId": "A14D0484-66C4-4EF5-9601-9E533FD0AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*",
"matchCriteriaId": "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*",
"matchCriteriaId": "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*",
"matchCriteriaId": "605575AD-C3C8-43A4-AB03-E9719F792324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*",
"matchCriteriaId": "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*",
"matchCriteriaId": "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*",
"matchCriteriaId": "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*",
"matchCriteriaId": "B2733446-DFA8-4B15-A50F-BB6E07D5927E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*",
"matchCriteriaId": "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*",
"matchCriteriaId": "744C7BC5-3053-493E-8F1E-52B875EA66F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*",
"matchCriteriaId": "24444021-610D-4EF2-BB1A-EB70CD2A5F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*",
"matchCriteriaId": "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*",
"matchCriteriaId": "004E66AE-F871-45D1-A47A-F27462167C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*",
"matchCriteriaId": "18248546-B217-47A3-8EC1-C71E4358F5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*",
"matchCriteriaId": "160FD535-5B72-4182-9828-725BAF335DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*",
"matchCriteriaId": "49692C35-49DC-4EE5-B360-16078A94D968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*",
"matchCriteriaId": "47A9D8FE-E92F-4136-B212-C42541653781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*",
"matchCriteriaId": "A266AC34-BDF8-4D65-82C9-85D69C509BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*",
"matchCriteriaId": "A2EFEE24-1C21-488E-B286-656D25B758BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*",
"matchCriteriaId": "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*",
"matchCriteriaId": "42C571A1-70D4-48DF-8037-31FE362AA7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*",
"matchCriteriaId": "768B75E8-7EAE-4AE6-98BB-A90193A678B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*",
"matchCriteriaId": "3150232F-41A2-4098-81F9-CEF1A60B2F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*",
"matchCriteriaId": "7850BA73-70CD-4047-AE49-56C5373E20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*",
"matchCriteriaId": "134755A0-28D8-4495-B443-A092C5C0E4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*",
"matchCriteriaId": "D4594C2E-E003-4586-BAF8-DC687347EFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*",
"matchCriteriaId": "06A9CD32-A6E3-4BFE-8501-FB63000731D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*",
"matchCriteriaId": "DBBB3BA2-0FEB-4883-B742-64C478A37B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*",
"matchCriteriaId": "793E9796-D53B-4293-9ECA-4B6EB8E217F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*",
"matchCriteriaId": "62244706-A31F-48B8-B35D-C4B0AABAC678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*",
"matchCriteriaId": "5DD600F0-DF69-474C-B2ED-8551BF9F25FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*",
"matchCriteriaId": "9D087887-925B-4D03-A04B-110D59A6BC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*",
"matchCriteriaId": "8556C499-F15B-4538-BE38-AD1112917F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*",
"matchCriteriaId": "9300D81A-196A-4C76-ACC1-FE063E1A8CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*",
"matchCriteriaId": "A7529CE5-C62D-4676-A2F2-15E76F66BD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*",
"matchCriteriaId": "E0C73A49-8143-4C35-95AB-31BB56C80438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*",
"matchCriteriaId": "3F1E996E-FB6A-4F65-9A48-52029627AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "71BB9EF4-882F-4339-A088-DFD3EE1296D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*",
"matchCriteriaId": "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*",
"matchCriteriaId": "977BF207-74F1-4D9D-BFF9-BF63469E260E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*",
"matchCriteriaId": "1EBB9679-E791-4926-9155-99C894F26EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*",
"matchCriteriaId": "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*",
"matchCriteriaId": "035C0A12-BB52-448B-8B34-C62083A60917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*",
"matchCriteriaId": "C74B8E40-88E9-495E-980E-20AA69BE4E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*",
"matchCriteriaId": "CF088327-2D8E-4409-852C-BFF68E6D7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*",
"matchCriteriaId": "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*",
"matchCriteriaId": "F7738BD7-CA9D-443B-A743-69B96243956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*",
"matchCriteriaId": "6801BD3B-5B95-410B-ABD8-3E1729856615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*",
"matchCriteriaId": "5F6F567B-E445-45B1-ACB6-C61628F39962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*",
"matchCriteriaId": "C066567A-E5A2-48CA-8EAF-2919FC499569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*",
"matchCriteriaId": "B060B925-FDE8-48B3-BF41-32E828ACC5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*",
"matchCriteriaId": "48C1DC18-3FA3-4709-8251-EB9AD370E529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*",
"matchCriteriaId": "8A46CF84-1258-4217-97E1-B387BAA40A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*",
"matchCriteriaId": "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*",
"matchCriteriaId": "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*",
"matchCriteriaId": "799B4970-767F-4207-AACF-2F1AAE09DE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*",
"matchCriteriaId": "068C757A-03A5-4AB2-825F-675028C8E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*",
"matchCriteriaId": "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*",
"matchCriteriaId": "412C04A6-F5FD-4EBB-8FCE-BE489D726352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*",
"matchCriteriaId": "842FF39B-7EC2-42AE-8B98-006D8E455A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5272F67C-EBCE-46B5-BF68-DB183704BE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*",
"matchCriteriaId": "DB4472B8-232E-4700-B376-2006005F0F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*",
"matchCriteriaId": "01A82F61-8882-419F-9715-3A636F5FBD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*",
"matchCriteriaId": "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*",
"matchCriteriaId": "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*",
"matchCriteriaId": "9B2EE162-C6DE-4182-93A0-021A5410E83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*",
"matchCriteriaId": "C420A37E-E89A-472D-B605-0943F21C0592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*",
"matchCriteriaId": "80BF4466-5244-4238-AD69-66697E5B30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*",
"matchCriteriaId": "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*",
"matchCriteriaId": "72D32098-2C3C-4EA0-BFE0-127DA43DF136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*",
"matchCriteriaId": "6CD17130-56ED-4460-844D-B877F7E9EB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*",
"matchCriteriaId": "67C76DD0-258A-4D39-8694-0191B608FDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*",
"matchCriteriaId": "0522B2B2-5647-46AF-AAAE-F86DDACA790B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*",
"matchCriteriaId": "524258FD-71A0-4E2D-BE58-2500944EDAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*",
"matchCriteriaId": "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*",
"matchCriteriaId": "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*",
"matchCriteriaId": "907FE1F5-9F3B-4B06-A89D-CA842BB956AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*",
"matchCriteriaId": "5707EB1A-2D06-4FDE-AC23-4EF391018423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*",
"matchCriteriaId": "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*",
"matchCriteriaId": "DF75E79B-5680-4E72-9597-12C9A32FB075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*",
"matchCriteriaId": "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*",
"matchCriteriaId": "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*",
"matchCriteriaId": "47B69879-E65E-4C31-AC89-C872AF7C7736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*",
"matchCriteriaId": "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*",
"matchCriteriaId": "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*",
"matchCriteriaId": "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*",
"matchCriteriaId": "D3177C32-5A5D-44B4-BD9B-A261EE536098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*",
"matchCriteriaId": "68922363-7E1B-42EE-8F29-F19F7AD54F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*",
"matchCriteriaId": "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*",
"matchCriteriaId": "B28D8431-61FF-4943-9EBE-C0C824B9206F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*",
"matchCriteriaId": "00F9A491-EDBB-4C72-A598-03AD807046AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*",
"matchCriteriaId": "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*",
"matchCriteriaId": "789190B8-4EAA-4D57-9B59-D30C2183E3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*",
"matchCriteriaId": "0655B57A-0A51-4541-AF81-EBA9E7A200A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*",
"matchCriteriaId": "CF4F0539-649F-41FD-8BB6-7158183A670C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*",
"matchCriteriaId": "8DD9A63F-309F-423F-98AB-86007CED2C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*",
"matchCriteriaId": "E7389397-03A6-48C6-98AC-7273E3CEF7D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*",
"matchCriteriaId": "CC5E6061-FC5D-4201-BD39-3862556F4E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*",
"matchCriteriaId": "0D33A187-CE61-4A39-8BF7-8A65871C54BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*",
"matchCriteriaId": "C42C7942-7F44-42A7-882E-D69CB93620E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*",
"matchCriteriaId": "11FD12A0-12FC-4D45-8F5A-86D039D5194A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*",
"matchCriteriaId": "A006266D-5686-4867-A9B9-BCAE40B69FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*",
"matchCriteriaId": "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "28144D4F-B106-466E-97FE-95792AF01EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*",
"matchCriteriaId": "45E23A86-2DFB-419B-AD19-1A63E0D12203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*",
"matchCriteriaId": "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*",
"matchCriteriaId": "2E3824C3-8B4C-4C52-AC13-3911BEE11A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*",
"matchCriteriaId": "52500AC3-F89B-4A95-8C44-B74DA14EF9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*",
"matchCriteriaId": "1A2C7747-9D88-4962-B8F6-0B4309D0F168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*",
"matchCriteriaId": "E788E5CD-4274-42A1-9974-30E0380D87F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*",
"matchCriteriaId": "BD942532-B9A1-4F7B-8E1B-C456516E7168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*",
"matchCriteriaId": "6F16D144-7DDA-4151-8763-FC846BF114EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*",
"matchCriteriaId": "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*",
"matchCriteriaId": "B70C28C0-77C2-4A77-8958-A055EB307008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*",
"matchCriteriaId": "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*",
"matchCriteriaId": "BD8C312B-8348-4476-B0C3-1544F2D378F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*",
"matchCriteriaId": "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*",
"matchCriteriaId": "2510E11A-992C-4ED7-9338-AF3B7BBA7160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*",
"matchCriteriaId": "778D0E3E-E77B-44BD-8155-5464405C8691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*",
"matchCriteriaId": "D708A96D-F89E-44D0-B655-6A8BD1D08B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*",
"matchCriteriaId": "4524947C-3F09-4DC7-BE0E-B695BC4C00EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*",
"matchCriteriaId": "FA1D85B3-8327-4032-96A1-CF3EAF477160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*",
"matchCriteriaId": "78B40A2C-6289-4581-AA84-58FF00DF8861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*",
"matchCriteriaId": "26C645F1-4C43-4D82-B223-2A037A154466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*",
"matchCriteriaId": "FA95FDD5-5530-4B25-9702-12A39FF49F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*",
"matchCriteriaId": "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*",
"matchCriteriaId": "27627445-9D74-4A82-80C1-17D32B7FF498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*",
"matchCriteriaId": "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*",
"matchCriteriaId": "3DA73624-42A9-4FB6-B04A-A06AAE3550AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*",
"matchCriteriaId": "488F83E8-B1C3-4FF9-82AA-6E849146716A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*",
"matchCriteriaId": "B68BF79E-EBB3-4427-AF00-818368FB2873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*",
"matchCriteriaId": "32795B52-2EBE-49D5-9CF2-7809E07D9773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*",
"matchCriteriaId": "BB5FB7E0-7480-4621-A891-F0B146362068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*",
"matchCriteriaId": "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*",
"matchCriteriaId": "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*",
"matchCriteriaId": "6939C42F-7B4E-4D63-B2A3-45624307AE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*",
"matchCriteriaId": "61804D75-F80A-4432-9872-3CCF74719AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*",
"matchCriteriaId": "84B391A6-11E1-4269-8697-1ED54420B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*",
"matchCriteriaId": "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*",
"matchCriteriaId": "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*",
"matchCriteriaId": "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*",
"matchCriteriaId": "0261CF58-FB52-40F2-AFB2-F48E9D9F3673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*",
"matchCriteriaId": "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*",
"matchCriteriaId": "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*",
"matchCriteriaId": "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*",
"matchCriteriaId": "551778C6-7F1F-425F-A6C9-5DB05B0A7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*",
"matchCriteriaId": "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*",
"matchCriteriaId": "B01B3E70-E529-4152-97B8-98CE35582BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*",
"matchCriteriaId": "81A265ED-AE4A-4458-81D1-CB8D7EE64442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*",
"matchCriteriaId": "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*",
"matchCriteriaId": "9A66E0C6-071B-4211-ADDD-0555222FEBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*",
"matchCriteriaId": "A4F3A38F-F263-49C0-BE02-8F8C06E11153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*",
"matchCriteriaId": "7995FB82-C17D-40A4-88E7-D2CB2D41F34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*",
"matchCriteriaId": "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*",
"matchCriteriaId": "BB66FAC9-E0D2-444E-9568-2556662B008B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*",
"matchCriteriaId": "EF1F53F4-CAA0-4529-A951-263C5FD00270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*",
"matchCriteriaId": "3F1F303C-DBAD-4019-833D-CC92CC3DF32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*",
"matchCriteriaId": "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*",
"matchCriteriaId": "03FA25BC-B64A-4424-B7D3-97644BDF2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*",
"matchCriteriaId": "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*",
"matchCriteriaId": "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*",
"matchCriteriaId": "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*",
"matchCriteriaId": "C410A5F5-2415-4767-B120-80645B211013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*",
"matchCriteriaId": "D261E9EC-EFFE-4206-A046-B66DFB8E696C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*",
"matchCriteriaId": "778FE067-DAE0-483F-8C73-78906F43ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*",
"matchCriteriaId": "5DB32A17-00B0-4424-88CD-C9C9253B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*",
"matchCriteriaId": "F1E09302-1460-4909-8DA7-5904C448CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*",
"matchCriteriaId": "A4E0DF6C-1980-4634-9A10-740895379369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*",
"matchCriteriaId": "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97CABEC7-2B76-4B17-B906-1CB2B49515A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*",
"matchCriteriaId": "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*",
"matchCriteriaId": "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*",
"matchCriteriaId": "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*",
"matchCriteriaId": "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*",
"matchCriteriaId": "01754D60-5592-4193-A2DF-4CE12D30CF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*",
"matchCriteriaId": "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*",
"matchCriteriaId": "21DC1DA3-012F-4AF2-B6CA-968E50A503EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*",
"matchCriteriaId": "9DE94B05-7B6A-4912-8590-D9C1791F9B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*",
"matchCriteriaId": "16C27699-4157-4473-9FB3-01151B3E21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*",
"matchCriteriaId": "F9AC6EC8-E1CA-4889-8AF8-482649CF2139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*",
"matchCriteriaId": "4186B73E-0E0F-48E1-9A51-B90E228BDA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*",
"matchCriteriaId": "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*",
"matchCriteriaId": "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*",
"matchCriteriaId": "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*",
"matchCriteriaId": "1CD8BB75-E9F0-4675-835B-131C1B459138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*",
"matchCriteriaId": "32CFCFEF-FA96-405A-AF7A-A652371A44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*",
"matchCriteriaId": "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*",
"matchCriteriaId": "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*",
"matchCriteriaId": "9B48D8ED-0539-402C-92A0-0BE8F88ABA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*",
"matchCriteriaId": "20604986-B662-4553-A481-9AC2979C2871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*",
"matchCriteriaId": "FF77ADEA-AC44-49FF-BA41-C130FFD01F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*",
"matchCriteriaId": "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F10A782D-24BB-477D-B828-38FF8C008E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*",
"matchCriteriaId": "EF3B542D-DC8F-4717-B0A8-4466BED2D113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*",
"matchCriteriaId": "982C13E3-8FFD-4112-8866-76C8318BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*",
"matchCriteriaId": "300DBEAF-859F-4EBC-919D-0FEDF83CF60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*",
"matchCriteriaId": "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*",
"matchCriteriaId": "E8DF283F-EC49-4930-9319-55562EE1274D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*",
"matchCriteriaId": "58C762E2-9B16-4398-A130-5F7AE4171C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*",
"matchCriteriaId": "CB6C1D7E-00AA-421F-9937-78A837AD41E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*",
"matchCriteriaId": "100F898D-525D-4EC1-802D-63BA0EF5690A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*",
"matchCriteriaId": "259A3358-86C4-49AB-A113-F000AC076497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*",
"matchCriteriaId": "897FFAD7-D739-4F54-B496-726DA42D1B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*",
"matchCriteriaId": "D7DDEBCC-8375-4209-883C-CBF669F71DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*",
"matchCriteriaId": "230A0B00-DE83-472A-A6F9-91DEF51C3756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*",
"matchCriteriaId": "8DB3456E-E1AB-497E-80C4-4B039445146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*",
"matchCriteriaId": "B86DFA37-FBBF-46A7-9350-C97A15514290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*",
"matchCriteriaId": "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BD81D0B5-4C34-4260-A35C-225BBCA3D71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "01F753C4-11F6-4F65-8C38-3A308AA577E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "330149F0-BBE4-4890-B1A8-E96666927802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "D79D1272-025B-40E2-BE9D-141577DC1FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "725B0345-D7BD-4302-B81A-C17115FF1070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "2D0E9A21-D7CB-4129-925F-9D3105071FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "01750E0E-29E5-4FFA-8194-813FA363467E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*",
"matchCriteriaId": "53E10E88-28AE-4F01-AE6E-C76CB3309F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*",
"matchCriteriaId": "1909D29B-7532-4C60-9F16-BD310022E2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*",
"matchCriteriaId": "8B5FA504-BFA4-4740-A3C0-B917AF301E72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11.1, build 11115, permite a atacantes remotos no autenticados cambiar el estado de instalaci\u00f3n de los agentes desplegados"
}
],
"id": "CVE-2020-14048",
"lastModified": "2024-11-21T05:02:26.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-12T02:15:10.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-14048"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-14048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-17 04:29
Modified
2025-02-04 21:15
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107129 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46413/ | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107129 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46413/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457A9C68-714A-4B93-8BF6-C9851E7CEAD5",
"versionEndExcluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus (SDP), en versiones anteriores a la 10.0 build 10012, permite que los atacantes remotos suban archivos arbitrarios mediante la personalizaci\u00f3n de la p\u00e1gina de inicio."
}
],
"id": "CVE-2019-8394",
"lastModified": "2025-02-04T21:15:19.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-02-17T04:29:00.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107129"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46413/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46413/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 15:15
Modified
2024-11-21 06:31
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.1:-:*:*:*:*:*:*",
"matchCriteriaId": "94616708-8F58-4E87-BAE5-73133FE433D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5B4536B5-8263-4D00-A7A4-1B286BB7B311",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8201:*:*:*:*:*:*",
"matchCriteriaId": "24902805-615E-43C2-BB25-911B8D8ADE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8202:*:*:*:*:*:*",
"matchCriteriaId": "554F4EA8-601E-42C4-A154-150EC217A1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8203:*:*:*:*:*:*",
"matchCriteriaId": "92DFF866-8BF6-416D-BD33-EDA523D1E09C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8204:*:*:*:*:*:*",
"matchCriteriaId": "E4A0EC51-3D07-4227-A157-4CA204FD02BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8205:*:*:*:*:*:*",
"matchCriteriaId": "9E9AAB0C-0DBD-47A7-8F0C-670FE85F5CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8206:*:*:*:*:*:*",
"matchCriteriaId": "D2C44765-DC25-40B9-82D5-AC143821755B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8207:*:*:*:*:*:*",
"matchCriteriaId": "937E95E7-E925-40FC-A112-6DA545EF6584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8208:*:*:*:*:*:*",
"matchCriteriaId": "7981B9EF-AA5D-4022-B2AB-2EE57A2B1DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8209:*:*:*:*:*:*",
"matchCriteriaId": "B6B85248-1BD3-4648-B0B3-BD9E98A92A18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8210:*:*:*:*:*:*",
"matchCriteriaId": "AB274DBB-2B3D-4B7C-9B12-FC5CCABD0F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8211:*:*:*:*:*:*",
"matchCriteriaId": "F58D17A3-7395-42CB-A6A1-3362AC37CD58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8212:*:*:*:*:*:*",
"matchCriteriaId": "98959391-6262-48D6-8546-C42A5D2489C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8213:*:*:*:*:*:*",
"matchCriteriaId": "E07DD7A7-7D58-4615-ABA3-718088A897FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8214:*:*:*:*:*:*",
"matchCriteriaId": "C911FE7F-2B93-44E2-BF4A-AF9344D1E3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8215:*:*:*:*:*:*",
"matchCriteriaId": "0CEC9CE1-0BE7-4434-B853-A2850EBEB3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8216:*:*:*:*:*:*",
"matchCriteriaId": "0E237ABD-4FB9-4DB9-94CE-69F01727799A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:8.2:8217:*:*:*:*:*:*",
"matchCriteriaId": "6DEF0341-D42E-4C47-8224-704DD41F7D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:-:*:*:*:*:*:*",
"matchCriteriaId": "577B5A33-FC1D-4334-882E-7007CBF264D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9000:*:*:*:*:*:*",
"matchCriteriaId": "E2AEEE6B-0187-4D37-A042-170CBE780127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9001:*:*:*:*:*:*",
"matchCriteriaId": "0070815C-273A-45A7-BD4A-F0A4553D326E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9002:*:*:*:*:*:*",
"matchCriteriaId": "F81E4E47-E8DB-4983-8226-6C5E5A283EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9003:*:*:*:*:*:*",
"matchCriteriaId": "4297FC42-1E40-4AAE-B492-AF29DA0C2979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9004:*:*:*:*:*:*",
"matchCriteriaId": "04AA8545-FFFF-4731-BBFC-7BF577872F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9005:*:*:*:*:*:*",
"matchCriteriaId": "D83ACA73-42A4-43CF-B099-9842C935A8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9006:*:*:*:*:*:*",
"matchCriteriaId": "74698925-CD1A-483D-9F72-DF95599E9150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9007:*:*:*:*:*:*",
"matchCriteriaId": "1ADA7A20-BA3C-4537-8FB5-D5538C762790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9008:*:*:*:*:*:*",
"matchCriteriaId": "E29931D8-5840-4796-92D3-FD30FAC633FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9009:*:*:*:*:*:*",
"matchCriteriaId": "D4CBFDCE-9DAE-4541-A49E-C864BF849E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9010:*:*:*:*:*:*",
"matchCriteriaId": "02FEA14F-7656-43AF-8028-CBA7D0DA0AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9011:*:*:*:*:*:*",
"matchCriteriaId": "2FE60600-A21B-4153-8296-51EAA465CE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9012:*:*:*:*:*:*",
"matchCriteriaId": "A14D0484-66C4-4EF5-9601-9E533FD0AAED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9013:*:*:*:*:*:*",
"matchCriteriaId": "DC5D293D-A02C-422A-ADD8-FA6EDD72F4FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9014:*:*:*:*:*:*",
"matchCriteriaId": "9B780FA5-AF88-4315-9C8A-9AAB8E8030A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9016:*:*:*:*:*:*",
"matchCriteriaId": "605575AD-C3C8-43A4-AB03-E9719F792324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9017:*:*:*:*:*:*",
"matchCriteriaId": "6EFA48CD-C990-4CFE-8C4C-2449D3A3E665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9018:*:*:*:*:*:*",
"matchCriteriaId": "14E92F04-550A-4ED9-AF4E-DD7E9F5E15E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9019:*:*:*:*:*:*",
"matchCriteriaId": "E9DACA83-23CF-4C8D-B5A1-1A1A7AEC20FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9020:*:*:*:*:*:*",
"matchCriteriaId": "B2733446-DFA8-4B15-A50F-BB6E07D5927E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9021:*:*:*:*:*:*",
"matchCriteriaId": "10DBE5B0-7E17-413A-AAA8-5F0DEFD6D479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9022:*:*:*:*:*:*",
"matchCriteriaId": "744C7BC5-3053-493E-8F1E-52B875EA66F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9023:*:*:*:*:*:*",
"matchCriteriaId": "24444021-610D-4EF2-BB1A-EB70CD2A5F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9024:*:*:*:*:*:*",
"matchCriteriaId": "0594BCB0-F5A5-4F2D-B024-13AC67AA4B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9025:*:*:*:*:*:*",
"matchCriteriaId": "004E66AE-F871-45D1-A47A-F27462167C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9026:*:*:*:*:*:*",
"matchCriteriaId": "18248546-B217-47A3-8EC1-C71E4358F5B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9027:*:*:*:*:*:*",
"matchCriteriaId": "160FD535-5B72-4182-9828-725BAF335DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9028:*:*:*:*:*:*",
"matchCriteriaId": "49692C35-49DC-4EE5-B360-16078A94D968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9029:*:*:*:*:*:*",
"matchCriteriaId": "47A9D8FE-E92F-4136-B212-C42541653781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9030:*:*:*:*:*:*",
"matchCriteriaId": "A266AC34-BDF8-4D65-82C9-85D69C509BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9031:*:*:*:*:*:*",
"matchCriteriaId": "A2EFEE24-1C21-488E-B286-656D25B758BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9032:*:*:*:*:*:*",
"matchCriteriaId": "5903D3C4-BF84-4CEB-95E9-60C8D4E69D9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9033:*:*:*:*:*:*",
"matchCriteriaId": "42C571A1-70D4-48DF-8037-31FE362AA7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9034:*:*:*:*:*:*",
"matchCriteriaId": "768B75E8-7EAE-4AE6-98BB-A90193A678B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9035:*:*:*:*:*:*",
"matchCriteriaId": "3150232F-41A2-4098-81F9-CEF1A60B2F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9036:*:*:*:*:*:*",
"matchCriteriaId": "7850BA73-70CD-4047-AE49-56C5373E20A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9037:*:*:*:*:*:*",
"matchCriteriaId": "134755A0-28D8-4495-B443-A092C5C0E4EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9038:*:*:*:*:*:*",
"matchCriteriaId": "D4594C2E-E003-4586-BAF8-DC687347EFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9039:*:*:*:*:*:*",
"matchCriteriaId": "06A9CD32-A6E3-4BFE-8501-FB63000731D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9040:*:*:*:*:*:*",
"matchCriteriaId": "DBBB3BA2-0FEB-4883-B742-64C478A37B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9041:*:*:*:*:*:*",
"matchCriteriaId": "793E9796-D53B-4293-9ECA-4B6EB8E217F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9042:*:*:*:*:*:*",
"matchCriteriaId": "62244706-A31F-48B8-B35D-C4B0AABAC678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9043:*:*:*:*:*:*",
"matchCriteriaId": "5DD600F0-DF69-474C-B2ED-8551BF9F25FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9044:*:*:*:*:*:*",
"matchCriteriaId": "9D087887-925B-4D03-A04B-110D59A6BC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9045:*:*:*:*:*:*",
"matchCriteriaId": "8556C499-F15B-4538-BE38-AD1112917F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9046:*:*:*:*:*:*",
"matchCriteriaId": "9300D81A-196A-4C76-ACC1-FE063E1A8CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9047:*:*:*:*:*:*",
"matchCriteriaId": "A7529CE5-C62D-4676-A2F2-15E76F66BD57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9048:*:*:*:*:*:*",
"matchCriteriaId": "E0C73A49-8143-4C35-95AB-31BB56C80438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.0:9049:*:*:*:*:*:*",
"matchCriteriaId": "3F1E996E-FB6A-4F65-9A48-52029627AFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:-:*:*:*:*:*:*",
"matchCriteriaId": "71BB9EF4-882F-4339-A088-DFD3EE1296D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9100:*:*:*:*:*:*",
"matchCriteriaId": "C79B3F6A-7AE0-487E-8044-B6C15E9C21E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9101:*:*:*:*:*:*",
"matchCriteriaId": "977BF207-74F1-4D9D-BFF9-BF63469E260E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9102:*:*:*:*:*:*",
"matchCriteriaId": "1EBB9679-E791-4926-9155-99C894F26EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9103:*:*:*:*:*:*",
"matchCriteriaId": "E3FA3476-AEEC-47E6-A2DF-19B24A4CA9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9104:*:*:*:*:*:*",
"matchCriteriaId": "035C0A12-BB52-448B-8B34-C62083A60917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9105:*:*:*:*:*:*",
"matchCriteriaId": "C74B8E40-88E9-495E-980E-20AA69BE4E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9106:*:*:*:*:*:*",
"matchCriteriaId": "CF088327-2D8E-4409-852C-BFF68E6D7449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9107:*:*:*:*:*:*",
"matchCriteriaId": "6B8EEE98-CE3E-4D63-AEBE-C0061B7F1CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9108:*:*:*:*:*:*",
"matchCriteriaId": "F7738BD7-CA9D-443B-A743-69B96243956B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9109:*:*:*:*:*:*",
"matchCriteriaId": "6801BD3B-5B95-410B-ABD8-3E1729856615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9110:*:*:*:*:*:*",
"matchCriteriaId": "5F6F567B-E445-45B1-ACB6-C61628F39962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9111:*:*:*:*:*:*",
"matchCriteriaId": "C066567A-E5A2-48CA-8EAF-2919FC499569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9112:*:*:*:*:*:*",
"matchCriteriaId": "B060B925-FDE8-48B3-BF41-32E828ACC5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9113:*:*:*:*:*:*",
"matchCriteriaId": "48C1DC18-3FA3-4709-8251-EB9AD370E529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9114:*:*:*:*:*:*",
"matchCriteriaId": "8A46CF84-1258-4217-97E1-B387BAA40A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9115:*:*:*:*:*:*",
"matchCriteriaId": "F8DA4A28-1151-4BFB-A9A0-9BC128FDD57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9116:*:*:*:*:*:*",
"matchCriteriaId": "9C7D2FB4-22D5-4A58-AB8E-2B543A57CCD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9117:*:*:*:*:*:*",
"matchCriteriaId": "799B4970-767F-4207-AACF-2F1AAE09DE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9118:*:*:*:*:*:*",
"matchCriteriaId": "068C757A-03A5-4AB2-825F-675028C8E5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9119:*:*:*:*:*:*",
"matchCriteriaId": "CB0BFAA6-2D92-4FEA-AFDF-1FB005C64CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9120:*:*:*:*:*:*",
"matchCriteriaId": "412C04A6-F5FD-4EBB-8FCE-BE489D726352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.1:9121:*:*:*:*:*:*",
"matchCriteriaId": "842FF39B-7EC2-42AE-8B98-006D8E455A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5272F67C-EBCE-46B5-BF68-DB183704BE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9200:*:*:*:*:*:*",
"matchCriteriaId": "DB4472B8-232E-4700-B376-2006005F0F4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9201:*:*:*:*:*:*",
"matchCriteriaId": "01A82F61-8882-419F-9715-3A636F5FBD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9202:*:*:*:*:*:*",
"matchCriteriaId": "87F8B3E1-8936-470A-BB41-5E5EEC2B86F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9203:*:*:*:*:*:*",
"matchCriteriaId": "D18E2BB1-3F3B-42BA-8CC0-43627C6B676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9204:*:*:*:*:*:*",
"matchCriteriaId": "9B2EE162-C6DE-4182-93A0-021A5410E83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9205:*:*:*:*:*:*",
"matchCriteriaId": "C420A37E-E89A-472D-B605-0943F21C0592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9206:*:*:*:*:*:*",
"matchCriteriaId": "80BF4466-5244-4238-AD69-66697E5B30B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9207:*:*:*:*:*:*",
"matchCriteriaId": "54DFDAB9-540E-4388-9FA0-9CAE93FDD78F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9208:*:*:*:*:*:*",
"matchCriteriaId": "72D32098-2C3C-4EA0-BFE0-127DA43DF136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9209:*:*:*:*:*:*",
"matchCriteriaId": "6CD17130-56ED-4460-844D-B877F7E9EB6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9210:*:*:*:*:*:*",
"matchCriteriaId": "67C76DD0-258A-4D39-8694-0191B608FDCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9211:*:*:*:*:*:*",
"matchCriteriaId": "0522B2B2-5647-46AF-AAAE-F86DDACA790B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9212:*:*:*:*:*:*",
"matchCriteriaId": "524258FD-71A0-4E2D-BE58-2500944EDAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9213:*:*:*:*:*:*",
"matchCriteriaId": "3529FA8F-A5F5-44DF-9E77-80C9DA7F8ED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9214:*:*:*:*:*:*",
"matchCriteriaId": "1117F600-7DA8-4FB7-8CE0-D5EE8194A3F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9215:*:*:*:*:*:*",
"matchCriteriaId": "907FE1F5-9F3B-4B06-A89D-CA842BB956AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9216:*:*:*:*:*:*",
"matchCriteriaId": "5707EB1A-2D06-4FDE-AC23-4EF391018423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9217:*:*:*:*:*:*",
"matchCriteriaId": "03A1E00A-5EEC-4DD8-9A6B-732A140E4F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9218:*:*:*:*:*:*",
"matchCriteriaId": "DF75E79B-5680-4E72-9597-12C9A32FB075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9219:*:*:*:*:*:*",
"matchCriteriaId": "03DF444A-CA6E-426B-BC7E-2F1E73E4E5EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9220:*:*:*:*:*:*",
"matchCriteriaId": "0BE8B99C-0D4F-4BB1-AE62-8FBC1A0F3C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9221:*:*:*:*:*:*",
"matchCriteriaId": "47B69879-E65E-4C31-AC89-C872AF7C7736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9222:*:*:*:*:*:*",
"matchCriteriaId": "BE7E7D41-BE15-4439-AB25-65F1FA4A27EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9223:*:*:*:*:*:*",
"matchCriteriaId": "2008020E-9A7C-42A7-BCA7-DB8A27F5AD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9224:*:*:*:*:*:*",
"matchCriteriaId": "2550C2F0-97B2-49FF-B7EF-D4AD7BA6CFCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9225:*:*:*:*:*:*",
"matchCriteriaId": "D3177C32-5A5D-44B4-BD9B-A261EE536098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9226:*:*:*:*:*:*",
"matchCriteriaId": "EF5DB83F-5E79-4DD8-AC70-36EE7BB88C30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9227:*:*:*:*:*:*",
"matchCriteriaId": "68922363-7E1B-42EE-8F29-F19F7AD54F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9228:*:*:*:*:*:*",
"matchCriteriaId": "3C1D71E8-AD75-4019-9D8D-BCF1C30F16CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9229:*:*:*:*:*:*",
"matchCriteriaId": "B28D8431-61FF-4943-9EBE-C0C824B9206F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9230:*:*:*:*:*:*",
"matchCriteriaId": "00F9A491-EDBB-4C72-A598-03AD807046AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9231:*:*:*:*:*:*",
"matchCriteriaId": "1DBA185A-70DE-4919-89F8-9DF1CA17FB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9232:*:*:*:*:*:*",
"matchCriteriaId": "789190B8-4EAA-4D57-9B59-D30C2183E3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9233:*:*:*:*:*:*",
"matchCriteriaId": "0655B57A-0A51-4541-AF81-EBA9E7A200A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9234:*:*:*:*:*:*",
"matchCriteriaId": "CF4F0539-649F-41FD-8BB6-7158183A670C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9235:*:*:*:*:*:*",
"matchCriteriaId": "8DD9A63F-309F-423F-98AB-86007CED2C7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9236:*:*:*:*:*:*",
"matchCriteriaId": "E7389397-03A6-48C6-98AC-7273E3CEF7D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9237:*:*:*:*:*:*",
"matchCriteriaId": "CC5E6061-FC5D-4201-BD39-3862556F4E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9238:*:*:*:*:*:*",
"matchCriteriaId": "0D33A187-CE61-4A39-8BF7-8A65871C54BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9239:*:*:*:*:*:*",
"matchCriteriaId": "C42C7942-7F44-42A7-882E-D69CB93620E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9240:*:*:*:*:*:*",
"matchCriteriaId": "11FD12A0-12FC-4D45-8F5A-86D039D5194A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9241:*:*:*:*:*:*",
"matchCriteriaId": "A006266D-5686-4867-A9B9-BCAE40B69FAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.2:9242:*:*:*:*:*:*",
"matchCriteriaId": "967FC7F6-3580-4DCE-A7F0-7C27D0D9FAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:-:*:*:*:*:*:*",
"matchCriteriaId": "28144D4F-B106-466E-97FE-95792AF01EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9300:*:*:*:*:*:*",
"matchCriteriaId": "45E23A86-2DFB-419B-AD19-1A63E0D12203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9301:*:*:*:*:*:*",
"matchCriteriaId": "D6E8AD08-4E3C-4503-A582-B6CEDAE362B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9302:*:*:*:*:*:*",
"matchCriteriaId": "2E3824C3-8B4C-4C52-AC13-3911BEE11A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9303:*:*:*:*:*:*",
"matchCriteriaId": "52500AC3-F89B-4A95-8C44-B74DA14EF9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9304:*:*:*:*:*:*",
"matchCriteriaId": "1A2C7747-9D88-4962-B8F6-0B4309D0F168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9305:*:*:*:*:*:*",
"matchCriteriaId": "E788E5CD-4274-42A1-9974-30E0380D87F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9306:*:*:*:*:*:*",
"matchCriteriaId": "BD942532-B9A1-4F7B-8E1B-C456516E7168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9307:*:*:*:*:*:*",
"matchCriteriaId": "6F16D144-7DDA-4151-8763-FC846BF114EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9308:*:*:*:*:*:*",
"matchCriteriaId": "43AF43F0-A9E2-4A3F-8011-D52B9D5A2A0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9309:*:*:*:*:*:*",
"matchCriteriaId": "B70C28C0-77C2-4A77-8958-A055EB307008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9310:*:*:*:*:*:*",
"matchCriteriaId": "BE28CD2C-2B3A-43CF-BDA4-D98852D75EBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9311:*:*:*:*:*:*",
"matchCriteriaId": "BD8C312B-8348-4476-B0C3-1544F2D378F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9312:*:*:*:*:*:*",
"matchCriteriaId": "F56255C6-9E9A-48C4-A83A-C8FA8EEE2190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9313:*:*:*:*:*:*",
"matchCriteriaId": "2510E11A-992C-4ED7-9338-AF3B7BBA7160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9314:*:*:*:*:*:*",
"matchCriteriaId": "778D0E3E-E77B-44BD-8155-5464405C8691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9315:*:*:*:*:*:*",
"matchCriteriaId": "D708A96D-F89E-44D0-B655-6A8BD1D08B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9316:*:*:*:*:*:*",
"matchCriteriaId": "4524947C-3F09-4DC7-BE0E-B695BC4C00EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*",
"matchCriteriaId": "FA1D85B3-8327-4032-96A1-CF3EAF477160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9318:*:*:*:*:*:*",
"matchCriteriaId": "78B40A2C-6289-4581-AA84-58FF00DF8861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9319:*:*:*:*:*:*",
"matchCriteriaId": "26C645F1-4C43-4D82-B223-2A037A154466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9320:*:*:*:*:*:*",
"matchCriteriaId": "FA95FDD5-5530-4B25-9702-12A39FF49F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9321:*:*:*:*:*:*",
"matchCriteriaId": "4B8CA6EF-F82C-40A7-B8B4-476082E8F6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9322:*:*:*:*:*:*",
"matchCriteriaId": "27627445-9D74-4A82-80C1-17D32B7FF498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9323:*:*:*:*:*:*",
"matchCriteriaId": "C5C1BB5D-890E-4A9D-9F2F-68C18DB6BB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9324:*:*:*:*:*:*",
"matchCriteriaId": "3DA73624-42A9-4FB6-B04A-A06AAE3550AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9325:*:*:*:*:*:*",
"matchCriteriaId": "488F83E8-B1C3-4FF9-82AA-6E849146716A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9326:*:*:*:*:*:*",
"matchCriteriaId": "B68BF79E-EBB3-4427-AF00-818368FB2873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9327:*:*:*:*:*:*",
"matchCriteriaId": "32795B52-2EBE-49D5-9CF2-7809E07D9773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9328:*:*:*:*:*:*",
"matchCriteriaId": "BB5FB7E0-7480-4621-A891-F0B146362068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9329:*:*:*:*:*:*",
"matchCriteriaId": "01DCE8C6-9F6F-492F-836A-F2959D4D6B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9330:*:*:*:*:*:*",
"matchCriteriaId": "99E9D0C9-98B1-40C9-AB15-ED26C2FD3618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9331:*:*:*:*:*:*",
"matchCriteriaId": "6939C42F-7B4E-4D63-B2A3-45624307AE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9332:*:*:*:*:*:*",
"matchCriteriaId": "61804D75-F80A-4432-9872-3CCF74719AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9333:*:*:*:*:*:*",
"matchCriteriaId": "84B391A6-11E1-4269-8697-1ED54420B4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9334:*:*:*:*:*:*",
"matchCriteriaId": "D8FFC18D-60E1-4E0C-9E1B-73CEEC751882",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9335:*:*:*:*:*:*",
"matchCriteriaId": "B09F30F9-2EF8-4E93-BD62-E57A553F5BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9336:*:*:*:*:*:*",
"matchCriteriaId": "6E8AAA4B-9A8B-4C62-AFAC-D16AD4B4BF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1A5B76DE-A0AA-430C-B28F-C9787E7A2EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9400:*:*:*:*:*:*",
"matchCriteriaId": "0261CF58-FB52-40F2-AFB2-F48E9D9F3673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9401:*:*:*:*:*:*",
"matchCriteriaId": "8AE37BD3-5FDE-4A0E-9741-60F9E764D7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9402:*:*:*:*:*:*",
"matchCriteriaId": "A6C7DD80-BCA4-4121-B1B3-50798BDA71B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9403:*:*:*:*:*:*",
"matchCriteriaId": "DCC29FD5-BD55-44BB-B8F3-8D04C23DB745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9404:*:*:*:*:*:*",
"matchCriteriaId": "551778C6-7F1F-425F-A6C9-5DB05B0A7079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9405:*:*:*:*:*:*",
"matchCriteriaId": "2A59669F-DA4C-4CA6-8707-A68F70D7CEF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9406:*:*:*:*:*:*",
"matchCriteriaId": "B01B3E70-E529-4152-97B8-98CE35582BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9407:*:*:*:*:*:*",
"matchCriteriaId": "81A265ED-AE4A-4458-81D1-CB8D7EE64442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9408:*:*:*:*:*:*",
"matchCriteriaId": "3CAE5F44-B29C-43D9-8F15-CA45AF9FBB34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9409:*:*:*:*:*:*",
"matchCriteriaId": "9A66E0C6-071B-4211-ADDD-0555222FEBB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9410:*:*:*:*:*:*",
"matchCriteriaId": "A4F3A38F-F263-49C0-BE02-8F8C06E11153",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9411:*:*:*:*:*:*",
"matchCriteriaId": "7995FB82-C17D-40A4-88E7-D2CB2D41F34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9412:*:*:*:*:*:*",
"matchCriteriaId": "A0D73AC6-9715-4ED5-9E9B-F25B9A4A9CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9413:*:*:*:*:*:*",
"matchCriteriaId": "BB66FAC9-E0D2-444E-9568-2556662B008B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9414:*:*:*:*:*:*",
"matchCriteriaId": "EF1F53F4-CAA0-4529-A951-263C5FD00270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9415:*:*:*:*:*:*",
"matchCriteriaId": "3F1F303C-DBAD-4019-833D-CC92CC3DF32E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9416:*:*:*:*:*:*",
"matchCriteriaId": "1D8AEDA6-E161-4386-8E0F-424CB6F87CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9417:*:*:*:*:*:*",
"matchCriteriaId": "03FA25BC-B64A-4424-B7D3-97644BDF2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9418:*:*:*:*:*:*",
"matchCriteriaId": "C5244D26-D896-4A8F-A9A7-0B1EC2CDDC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9419:*:*:*:*:*:*",
"matchCriteriaId": "827EFFB4-E0E6-4F3B-8397-AE73A3D11B94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9420:*:*:*:*:*:*",
"matchCriteriaId": "0A9B0CF3-FE52-4CA1-B1F7-A018FD121FEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9421:*:*:*:*:*:*",
"matchCriteriaId": "C410A5F5-2415-4767-B120-80645B211013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9422:*:*:*:*:*:*",
"matchCriteriaId": "D261E9EC-EFFE-4206-A046-B66DFB8E696C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9423:*:*:*:*:*:*",
"matchCriteriaId": "778FE067-DAE0-483F-8C73-78906F43ED02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9424:*:*:*:*:*:*",
"matchCriteriaId": "5DB32A17-00B0-4424-88CD-C9C9253B14E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9425:*:*:*:*:*:*",
"matchCriteriaId": "F1E09302-1460-4909-8DA7-5904C448CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9426:*:*:*:*:*:*",
"matchCriteriaId": "A4E0DF6C-1980-4634-9A10-740895379369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.4:9427:*:*:*:*:*:*",
"matchCriteriaId": "F6553A33-8FF8-48B3-ACAF-C7CBAB6B8383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0D82AD-4041-489A-B6BC-9122A5C4284D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97CABEC7-2B76-4B17-B906-1CB2B49515A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*",
"matchCriteriaId": "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*",
"matchCriteriaId": "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*",
"matchCriteriaId": "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*",
"matchCriteriaId": "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*",
"matchCriteriaId": "01754D60-5592-4193-A2DF-4CE12D30CF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*",
"matchCriteriaId": "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*",
"matchCriteriaId": "21DC1DA3-012F-4AF2-B6CA-968E50A503EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*",
"matchCriteriaId": "9DE94B05-7B6A-4912-8590-D9C1791F9B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*",
"matchCriteriaId": "16C27699-4157-4473-9FB3-01151B3E21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*",
"matchCriteriaId": "F9AC6EC8-E1CA-4889-8AF8-482649CF2139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*",
"matchCriteriaId": "4186B73E-0E0F-48E1-9A51-B90E228BDA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*",
"matchCriteriaId": "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*",
"matchCriteriaId": "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*",
"matchCriteriaId": "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*",
"matchCriteriaId": "1CD8BB75-E9F0-4675-835B-131C1B459138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*",
"matchCriteriaId": "32CFCFEF-FA96-405A-AF7A-A652371A44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*",
"matchCriteriaId": "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*",
"matchCriteriaId": "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*",
"matchCriteriaId": "9B48D8ED-0539-402C-92A0-0BE8F88ABA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*",
"matchCriteriaId": "20604986-B662-4553-A481-9AC2979C2871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*",
"matchCriteriaId": "FF77ADEA-AC44-49FF-BA41-C130FFD01F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*",
"matchCriteriaId": "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:-:*:*:*:*:*:*",
"matchCriteriaId": "F10A782D-24BB-477D-B828-38FF8C008E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10500:*:*:*:*:*:*",
"matchCriteriaId": "EF3B542D-DC8F-4717-B0A8-4466BED2D113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10501:*:*:*:*:*:*",
"matchCriteriaId": "982C13E3-8FFD-4112-8866-76C8318BA394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10502:*:*:*:*:*:*",
"matchCriteriaId": "300DBEAF-859F-4EBC-919D-0FEDF83CF60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10503:*:*:*:*:*:*",
"matchCriteriaId": "8CD6A14F-CE77-41A5-8B11-7CE23A5156E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10504:*:*:*:*:*:*",
"matchCriteriaId": "E8DF283F-EC49-4930-9319-55562EE1274D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10505:*:*:*:*:*:*",
"matchCriteriaId": "58C762E2-9B16-4398-A130-5F7AE4171C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10506:*:*:*:*:*:*",
"matchCriteriaId": "CB6C1D7E-00AA-421F-9937-78A837AD41E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10507:*:*:*:*:*:*",
"matchCriteriaId": "100F898D-525D-4EC1-802D-63BA0EF5690A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10508:*:*:*:*:*:*",
"matchCriteriaId": "259A3358-86C4-49AB-A113-F000AC076497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10509:*:*:*:*:*:*",
"matchCriteriaId": "897FFAD7-D739-4F54-B496-726DA42D1B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10510:*:*:*:*:*:*",
"matchCriteriaId": "D7DDEBCC-8375-4209-883C-CBF669F71DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10511:*:*:*:*:*:*",
"matchCriteriaId": "230A0B00-DE83-472A-A6F9-91DEF51C3756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10512:*:*:*:*:*:*",
"matchCriteriaId": "8DB3456E-E1AB-497E-80C4-4B039445146D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10513:*:*:*:*:*:*",
"matchCriteriaId": "B86DFA37-FBBF-46A7-9350-C97A15514290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10514:*:*:*:*:*:*",
"matchCriteriaId": "44226AFE-5AA4-4D83-A85B-6BAB6B1B5609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:10515:*:*:*:*:*:*",
"matchCriteriaId": "F83D794D-0078-4862-9313-AEE75AC32978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BD81D0B5-4C34-4260-A35C-225BBCA3D71A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "3C858317-2F95-4BA2-A9A0-F03BBC3CC2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "0D2B81A8-C2EE-4666-8D17-A09CCBE6E789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BF4C5D27-877D-4E79-8634-CC6F2DCB66FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "01F753C4-11F6-4F65-8C38-3A308AA577E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "330149F0-BBE4-4890-B1A8-E96666927802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "D79D1272-025B-40E2-BE9D-141577DC1FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "725B0345-D7BD-4302-B81A-C17115FF1070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "2D0E9A21-D7CB-4129-925F-9D3105071FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "01750E0E-29E5-4FFA-8194-813FA363467E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "D8774F16-1A2C-4A91-B132-DE8B1D29DB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "1235545F-4C33-4636-9B71-3321B72204F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*",
"matchCriteriaId": "53E10E88-28AE-4F01-AE6E-C76CB3309F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*",
"matchCriteriaId": "1909D29B-7532-4C60-9F16-BD310022E2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*",
"matchCriteriaId": "8B5FA504-BFA4-4740-A3C0-B917AF301E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*",
"matchCriteriaId": "2694C1E1-7596-4183-9B09-4BB5BA5C5551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*",
"matchCriteriaId": "31A7FA61-399B-4778-828C-BB65548966AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*",
"matchCriteriaId": "E33CAA7E-2F7B-4833-94F6-6C0F607903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*",
"matchCriteriaId": "81D5E4BB-41F6-46B7-98C7-43DE55785496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*",
"matchCriteriaId": "8400D7D8-D03D-4A5C-B533-A640A648238D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*",
"matchCriteriaId": "21E4107F-A0DC-4A53-9352-A442B563599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*",
"matchCriteriaId": "42B90217-2981-4B2A-BB29-BF36F4C1494F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*",
"matchCriteriaId": "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*",
"matchCriteriaId": "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*",
"matchCriteriaId": "9E480891-A40B-4184-B06D-26EC583FBA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*",
"matchCriteriaId": "8D8905CE-F981-4034-8193-533A4930D518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*",
"matchCriteriaId": "79FBA595-2CDC-45E8-8840-34D17F09A5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*",
"matchCriteriaId": "D462AC9D-8731-49D9-A760-5013B496C8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*",
"matchCriteriaId": "332AB05B-3DC2-493F-8DB8-7DA93531D9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*",
"matchCriteriaId": "A9ED77FC-F359-48AA-8A48-4009B25992D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*",
"matchCriteriaId": "98C4DC91-985F-413E-9F6F-27E93C1125E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*",
"matchCriteriaId": "6841D87A-97FD-415B-931C-6407A36A1E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*",
"matchCriteriaId": "D1C4B37D-6983-430C-91C5-635D7EF51A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*",
"matchCriteriaId": "4E959106-3183-4D8A-888D-6379DC33234D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11134:*:*:*:*:*:*",
"matchCriteriaId": "72C74691-300E-4CD7-AD57-594586B12669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11135:*:*:*:*:*:*",
"matchCriteriaId": "1F60565E-3BDA-4BE3-B013-1BF4469B8B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11136:*:*:*:*:*:*",
"matchCriteriaId": "6BD8A92A-AC27-4914-B36D-94829478D47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11137:*:*:*:*:*:*",
"matchCriteriaId": "7ED4E888-2EFA-4F7F-9503-59F34FF720D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
"matchCriteriaId": "106A06E5-56E8-41D3-A059-7DA6737DABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
"matchCriteriaId": "401AEAD2-183D-4E55-94AD-D24A9BE46D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
"matchCriteriaId": "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
"matchCriteriaId": "417D6E6A-C16A-4A76-8D65-31340834233E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
"matchCriteriaId": "1A040A5B-8C2A-4557-AB5E-1427B0F1E889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
"matchCriteriaId": "207A81A8-02EF-4793-B047-46581BF7E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
"matchCriteriaId": "194BEECD-F877-4D28-A534-E965D69C9EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*",
"matchCriteriaId": "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11146:*:*:*:*:*:*",
"matchCriteriaId": "3F596CC7-20D0-4C88-9184-B5814ECB2E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11147:*:*:*:*:*:*",
"matchCriteriaId": "A8DD80CE-37AF-4EBB-8213-7A388CB38C8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11118:*:*:*:*:*:*",
"matchCriteriaId": "2B9E544F-F9B0-4B19-977F-3232FB9E2D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11119:*:*:*:*:*:*",
"matchCriteriaId": "67FF6912-9756-4858-A424-322AC9996018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11120:*:*:*:*:*:*",
"matchCriteriaId": "138FA16F-7164-47C2-8AD7-273A73D10DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11121:*:*:*:*:*:*",
"matchCriteriaId": "4160EAF2-DD38-4B93-871A-52D546B52F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11122:*:*:*:*:*:*",
"matchCriteriaId": "04553055-32E7-47AA-B7AE-D32AC0B6F778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11123:*:*:*:*:*:*",
"matchCriteriaId": "7BD4A89D-CA7A-444E-AAC3-B10F4070231A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11124:*:*:*:*:*:*",
"matchCriteriaId": "686E8E20-BF86-4E3E-8D94-35D762D42DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11125:*:*:*:*:*:*",
"matchCriteriaId": "84581E5D-5E93-49AC-BF7B-034AC0C79801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11126:*:*:*:*:*:*",
"matchCriteriaId": "C69A7EAC-F01B-4EEF-A7CE-C3234BAC0AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11127:*:*:*:*:*:*",
"matchCriteriaId": "3EC36761-7620-433B-A08D-F5AA700F0CC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11128:*:*:*:*:*:*",
"matchCriteriaId": "ED25C1C4-2CB5-4895-BCC8-235B1136480A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11129:*:*:*:*:*:*",
"matchCriteriaId": "FCD1128E-6CF1-41EA-BC9B-8CD72F68694D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11130:*:*:*:*:*:*",
"matchCriteriaId": "B9F2B0B2-B317-4211-A7D6-1F7D0ED29FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11131:*:*:*:*:*:*",
"matchCriteriaId": "2655E19A-4899-450B-B5CE-239962512F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11132:*:*:*:*:*:*",
"matchCriteriaId": "121210A6-F8DA-4C55-B6D1-EAA521692112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11133:*:*:*:*:*:*",
"matchCriteriaId": "CBDFE981-6BF7-414A-8D15-CC8019504E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11134:*:*:*:*:*:*",
"matchCriteriaId": "40EF9276-1770-4DD9-9AA9-EAD350AA9894",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11135:*:*:*:*:*:*",
"matchCriteriaId": "AF6F3EB6-B32D-4963-9BA1-0DCCD0AFD165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11136:*:*:*:*:*:*",
"matchCriteriaId": "C48B79D4-2033-49AB-80EC-46AB66E6594A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11137:*:*:*:*:*:*",
"matchCriteriaId": "346F65B2-2BB0-4CE1-9E75-4AA227C62333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11138:*:*:*:*:*:*",
"matchCriteriaId": "628A777B-3E19-473D-880B-60A76044ECD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11139:*:*:*:*:*:*",
"matchCriteriaId": "6A3F477B-E1E0-4E43-AD86-D7B2C9F368D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11140:*:*:*:*:*:*",
"matchCriteriaId": "A1493E55-D2D0-49AC-8A7C-9A60F676A1A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11141:*:*:*:*:*:*",
"matchCriteriaId": "5672C8D3-AE5C-4187-B6E1-2C8B5907A98E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11142:*:*:*:*:*:*",
"matchCriteriaId": "EB92812B-F3DD-4D9F-A522-D0C3AC84FE7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11143:*:*:*:*:*:*",
"matchCriteriaId": "EAE12731-2F0B-4C85-9795-BC2A7CB7932A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:build11144:*:*:*:*:*:*",
"matchCriteriaId": "0833A240-767B-46CF-B67C-52D3E89EE6BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
"matchCriteriaId": "7D130762-4B49-4089-99A1-FEFD6B76AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
"matchCriteriaId": "CDC33E6B-81E2-4A15-8889-2CD709CF5E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
"matchCriteriaId": "E08A077E-B1AA-432A-B37A-AA603C8CD1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
"matchCriteriaId": "69B73464-8627-4CCE-93CE-B312A9D7B35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
"matchCriteriaId": "51839FBE-A7E1-40FD-B44B-F9C8CA62E063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
"matchCriteriaId": "7BE9BFCC-04AB-4053-949C-B2860E7E43B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
"matchCriteriaId": "A2062399-67EA-4368-9629-60E4A59DDB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
"matchCriteriaId": "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*",
"matchCriteriaId": "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*",
"matchCriteriaId": "DEE7D305-0FA5-4126-A585-4FC1162AFA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*",
"matchCriteriaId": "05376518-DE14-45F7-9B60-F4B4CF7BD7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*",
"matchCriteriaId": "7FB2885F-308D-4AAC-9CD3-53150CC81C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*",
"matchCriteriaId": "22068496-B157-406D-A78F-2C649005383A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*",
"matchCriteriaId": "463B586A-C9C7-4516-B3CF-FB9688D4951E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*",
"matchCriteriaId": "4C7D5AD4-F48A-4BFC-9BAB-DE046E6FD240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*",
"matchCriteriaId": "E668E9E6-D20F-43BE-BEDE-A2B785359A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7C2035DC-3D54-4D0A-B18A-8D5FAA15CF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
"matchCriteriaId": "188135EF-9821-4325-A34F-AB6F430F5DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
"matchCriteriaId": "DC971E05-D69B-4688-861D-3D6357726CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*",
"matchCriteriaId": "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*",
"matchCriteriaId": "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*",
"matchCriteriaId": "360C0396-E928-4FCB-BAD3-6246A3BCEE37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*",
"matchCriteriaId": "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11306:*:*:*:*:*:*",
"matchCriteriaId": "B2DB18CB-A6BB-46FC-B869-44D7ACC2470D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11307:*:*:*:*:*:*",
"matchCriteriaId": "DEFF58D3-26D4-4ADF-AAD2-0DB622B2BBDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11308:*:*:*:*:*:*",
"matchCriteriaId": "CE4567D6-E5DA-48B0-A98C-85C834C43AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11309:*:*:*:*:*:*",
"matchCriteriaId": "36502AA9-7B95-4A7E-99D4-52249D9FDF35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12000:*:*:*:*:*:*",
"matchCriteriaId": "EBA1584D-1B5D-4734-9B60-F24BC2D82D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12001:*:*:*:*:*:*",
"matchCriteriaId": "68E040B2-D2D8-4AA3-B362-7A2871C58E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:12.0:12002:*:*:*:*:*:*",
"matchCriteriaId": "456CB186-7917-4CE0-A810-7BDD32391AE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 12003, permite omitir la autenticaci\u00f3n en determinadas configuraciones de administraci\u00f3n"
}
],
"id": "CVE-2021-44526",
"lastModified": "2024-11-21T06:31:09.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T15:15:07.700",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#12003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-13 19:15
Modified
2024-11-21 05:27
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "816A3CCE-7BD4-4D3D-984B-6BCFE3E3769E",
"versionEndExcluding": "11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*",
"matchCriteriaId": "53E10E88-28AE-4F01-AE6E-C76CB3309F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*",
"matchCriteriaId": "1909D29B-7532-4C60-9F16-BD310022E2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*",
"matchCriteriaId": "8B5FA504-BFA4-4740-A3C0-B917AF301E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*",
"matchCriteriaId": "2694C1E1-7596-4183-9B09-4BB5BA5C5551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*",
"matchCriteriaId": "31A7FA61-399B-4778-828C-BB65548966AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*",
"matchCriteriaId": "E33CAA7E-2F7B-4833-94F6-6C0F607903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*",
"matchCriteriaId": "81D5E4BB-41F6-46B7-98C7-43DE55785496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*",
"matchCriteriaId": "8400D7D8-D03D-4A5C-B533-A640A648238D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*",
"matchCriteriaId": "21E4107F-A0DC-4A53-9352-A442B563599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*",
"matchCriteriaId": "42B90217-2981-4B2A-BB29-BF36F4C1494F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*",
"matchCriteriaId": "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*",
"matchCriteriaId": "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*",
"matchCriteriaId": "9E480891-A40B-4184-B06D-26EC583FBA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*",
"matchCriteriaId": "8D8905CE-F981-4034-8193-533A4930D518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*",
"matchCriteriaId": "79FBA595-2CDC-45E8-8840-34D17F09A5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*",
"matchCriteriaId": "D462AC9D-8731-49D9-A760-5013B496C8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*",
"matchCriteriaId": "332AB05B-3DC2-493F-8DB8-7DA93531D9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*",
"matchCriteriaId": "A9ED77FC-F359-48AA-8A48-4009B25992D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*",
"matchCriteriaId": "98C4DC91-985F-413E-9F6F-27E93C1125E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*",
"matchCriteriaId": "6841D87A-97FD-415B-931C-6407A36A1E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*",
"matchCriteriaId": "D1C4B37D-6983-430C-91C5-635D7EF51A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*",
"matchCriteriaId": "4E959106-3183-4D8A-888D-6379DC33234D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authentication Bypass (only during SAML login)."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11134, permite una omisi\u00f3n de autenticaci\u00f3n (solo durante el inicio de sesi\u00f3n SAML)"
}
],
"id": "CVE-2020-35682",
"lastModified": "2024-11-21T05:27:50.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-13T19:15:11.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-14 15:15
Modified
2024-11-21 04:27
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD0ED-99AD-4B1D-8111-A01A98C2A374",
"versionEndExcluding": "10509",
"versionStartIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus 10 anteriores a la versi\u00f3n 10509, permite el filtrado de informaci\u00f3n confidencial no autenticada durante la replicaci\u00f3n de Fail Over Service (FOS), tambi\u00e9n se conoce como SD-79989."
}
],
"id": "CVE-2019-15046",
"lastModified": "2024-11-21T04:27:56.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-14T15:15:12.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/37"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#10509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/37"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#10509"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-10 12:15
Modified
2024-11-21 05:45
Severity ?
Summary
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2021-22 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2021-22 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| zohocorp | manageengine_servicedesk_plus | 11.2 | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF230228-9493-4B59-865E-D6DD0BD88ABE",
"versionEndExcluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*",
"matchCriteriaId": "22068496-B157-406D-A78F-2C649005383A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*",
"matchCriteriaId": "463B586A-C9C7-4516-B3CF-FB9688D4951E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*",
"matchCriteriaId": "4C7D5AD4-F48A-4BFC-9BAB-DE046E6FD240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*",
"matchCriteriaId": "E668E9E6-D20F-43BE-BEDE-A2B785359A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges."
},
{
"lang": "es",
"value": "La lista incompleta de entradas no permitidas en ManageEngine ServiceDesk Plus versiones anteriores a 11205 permite a un atacante remoto y autenticado ejecutar comandos arbitrarios con privilegios SYSTEM"
}
],
"id": "CVE-2021-20081",
"lastModified": "2024-11-21T05:45:53.577",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-10T12:15:07.910",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2021-22"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-07 13:15
Modified
2024-11-21 08:06
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5E2D7250-8F17-4A29-BB1F-755A9DF0E3E6",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "E2141BB9-EEB1-4648-A98F-8E56463E3D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "122F5CF4-E718-4E0F-90BB-173EC4A726E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.2:14202:*:*:*:*:*:*",
"matchCriteriaId": "DBDD2838-53B0-425F-B5FF-FD6DD6587C53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C96B503-E3D8-48E3-9D91-0EDD125A51B2",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "3F3F6B18-309E-402B-B5B6-857A71FCA675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "2578CF13-141C-4DE4-9209-52A0CE5892C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications."
}
],
"id": "CVE-2023-34197",
"lastModified": "2024-11-21T08:06:45.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-07T13:15:09.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-34197.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-11 14:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user's logon domain if the accounts exists, or 'null' if it does not.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:9317:*:*:*:*:*:*",
"matchCriteriaId": "FA1D85B3-8327-4032-96A1-CF3EAF477160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Unauthenticated users are able to validate domain user accounts by sending a request containing the username to an API endpoint. The endpoint will return the user\u0027s logon domain if the accounts exists, or \u0027null\u0027 if it does not."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en Zoho ManageEngine ServiceDesk Plus 9.3 Build 9317. Los usuarios no autenticados pueden validar cuentas de usuario de dominio mediante el env\u00edo de una petici\u00f3n que contiene el nombre de usuario de un endpoint de la API. El endpoint devolver\u00e1 el dominio de inicio de sesi\u00f3n del usuario si las cuentas existen o \"null\" en caso contrario."
}
],
"id": "CVE-2018-7248",
"lastModified": "2024-11-21T04:11:52.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-11T14:29:00.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104287"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/e-sterling/cve-2018-7248"
},
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/e-sterling/cve-2018-7248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40esterling_/cve-2018-7248-enumerating-active-directory-users-via-unauthenticated-manageengine-servicedesk-a1eda2942eb0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 15:15
Modified
2024-11-21 05:36
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1055C366-37DF-4269-AC26-9185B17F2C81",
"versionEndIncluding": "11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 permite un ataque de cross-site scripting (XSS). Este problema se solucion\u00f3 en la versi\u00f3n 11.0 Build 11010, SD-83959."
}
],
"id": "CVE-2020-6843",
"lastModified": "2024-11-21T05:36:16.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T15:15:14.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/32"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/34"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2020/Jan/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-04-26 21:15
Modified
2025-02-03 20:15
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
"matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F8049D8-8FE3-43CA-9568-AEA659776436",
"versionEndExcluding": "14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "5CDE81A3-95A1-42FC-A526-5F343E73ABD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*",
"matchCriteriaId": "0575CC86-9321-4502-83C0-348DCE175EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*",
"matchCriteriaId": "D1B60D55-DE84-4BE8-A42D-98D133D3D228",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*",
"matchCriteriaId": "B79CA06A-17DE-429A-A3C9-4FC28E907318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*",
"matchCriteriaId": "19C86206-29CB-4ABA-8979-19DF52B8CC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14104:*:*:*:*:*:*",
"matchCriteriaId": "7C7ACCBA-56DC-4159-A26C-6D8007B3AC23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E427ED35-3804-4448-BADE-6DD1E80D093F",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "6E368AC5-E3A5-44CE-8B6E-2454493764E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "B265CA09-4FDD-41BD-A5E8-1A4666FBDE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5563D0F3-ACFD-4F79-8428-12EF982E0F5F",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "B46588F2-4258-44C7-BCBE-40975D4CE27D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "8FA49D56-60A0-462B-86D2-61391E8FAA47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint."
}
],
"id": "CVE-2023-29443",
"lastModified": "2025-02-03T20:15:31.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-04-26T21:15:08.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-02-17 04:29
Modified
2024-11-21 04:49
Severity ?
Summary
An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "457A9C68-714A-4B93-8BF6-C9851E7CEAD5",
"versionEndExcluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad IDOR (Insecure Direct Object Reference) en Zoho ManageEngine ServiceDesk Plus (SDP) en versiones anteriores a la 10.0 build 10007 mediante un adjunto en una petici\u00f3n."
}
],
"id": "CVE-2019-8395",
"lastModified": "2024-11-21T04:49:50.233",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-17T04:29:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-05 19:15
Modified
2024-11-21 06:51
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | |
| zohocorp | manageengine_servicedesk_plus | 13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B9E0DBB-8A69-4887-9105-0A3568E353BE",
"versionEndIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "B0B75973-355C-447E-BBEA-18459A5736C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation\u0027s default currency name."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13001, permite a cualquiera conocer el nombre de la moneda por defecto de la organizaci\u00f3n"
}
],
"id": "CVE-2022-25245",
"lastModified": "2024-11-21T06:51:52.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-05T19:15:08.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"url": "https://raxis.com/blog/cve-2022-25245"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://raxis.com/blog/cve-2022-25245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-25245.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-21 18:29
Modified
2024-11-21 04:22
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field."
},
{
"lang": "es",
"value": "Fue descubierto un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Existe un XSS a trav\u00e9s del campo de b\u00fasqueda SearchN.do."
}
],
"id": "CVE-2019-12189",
"lastModified": "2024-11-21T04:22:23.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-21T18:29:00.300",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tuyenhva/CVE-2019-12189"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/153028/Zoho-ManageEngine-ServiceDesk-Plus-9.3-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tuyenhva/CVE-2019-12189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-21 19:15
Modified
2024-11-21 04:27
Severity ?
Summary
AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor's position is that this is intended functionality
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://seclists.org/fulldisclosure/2019/Aug/17 | Exploit, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Aug/17 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD0ED-99AD-4B1D-8111-A01A98C2A374",
"versionEndExcluding": "10509",
"versionStartIncluding": "10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "AjaxDomainServlet in Zoho ManageEngine ServiceDesk Plus 10 allows User Enumeration. NOTE: the vendor\u0027s position is that this is intended functionality"
},
{
"lang": "es",
"value": "** EN DISPUTA ** AjaxDomainServlet en Zoho ManageEngine ServiceDesk Plus versi\u00f3n 10 permite la enumeraci\u00f3n de usuarios. NOTA: la posici\u00f3n del proveedor es que esta es la funcionalidad prevista."
}
],
"id": "CVE-2019-15045",
"lastModified": "2024-11-21T04:27:56.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-21T19:15:13.840",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154183/Zoho-Corporation-ManageEngine-ServiceDesk-Plus-Information-Disclosure.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2019/Aug/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-18 22:15
Modified
2024-11-21 05:00
Severity ?
Summary
Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.com/eLeN3Re/CVE-2020-13154 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.com/eLeN3Re/CVE-2020-13154 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet."
},
{
"lang": "es",
"value": "Zoho ManageEngine Service Plus versiones anteriores a 11.1 build 11112, permite a usuarios autenticados con pocos privilegios detectar la contrase\u00f1a de File Protection mediante una llamada de getFileProtectionSettings a AjaxServlet."
}
],
"id": "CVE-2020-13154",
"lastModified": "2024-11-21T05:00:45.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-18T22:15:12.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gitlab.com/eLeN3Re/CVE-2020-13154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12542 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12542 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a trav\u00e9s del par\u00e1metro UserConfigID de SearchN.do."
}
],
"id": "CVE-2019-12542",
"lastModified": "2024-11-21T04:23:04.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T15:29:01.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12542"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 22:15
Modified
2024-11-21 07:11
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/products/service-desk/cve-2022-35403.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/cve-2022-35403.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19B93A05-EDB4-4E02-926D-17E967ECBF91",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "B0B75973-355C-447E-BBEA-18459A5736C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*",
"matchCriteriaId": "7E45A9C9-EE09-493E-AE75-BACCD86B97EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*",
"matchCriteriaId": "4509077B-AD20-49B3-B23D-A0BC9E7A07E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*",
"matchCriteriaId": "2B5066A4-D8F9-452D-9686-49B5B33EE326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*",
"matchCriteriaId": "A221A081-71CD-437F-9FE2-6A255A816BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*",
"matchCriteriaId": "883692B3-A95D-46F5-9E52-7694AF30CBAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*",
"matchCriteriaId": "D3C36A1A-9E47-4343-936A-711C7234D125",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*",
"matchCriteriaId": "D7875DEA-DE8F-4AF1-BCE7-FDF2A59C1DED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0647726-47C1-4CF5-91AA-E3E18776842C",
"versionEndExcluding": "10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*",
"matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*",
"matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*",
"matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*",
"matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*",
"matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*",
"matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*",
"matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)"
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 13008, ServiceDesk Plus MSP versiones anteriores a 10606 y SupportCenter Plus versiones anteriores a 11022 est\u00e1n afectados por una vulnerabilidad de divulgaci\u00f3n de archivos locales sin autenticaci\u00f3n por medio del correo electr\u00f3nico de creaci\u00f3n de tickets. (Esto tambi\u00e9n afecta a Asset Explorer versiones anteriores a 6977 con autenticaci\u00f3n)"
}
],
"id": "CVE-2022-35403",
"lastModified": "2024-11-21T07:11:06.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T22:15:08.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/cve-2022-35403.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 14:15
Modified
2024-11-21 04:28
Severity ?
Summary
Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/48473 | Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/48473 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "97CABEC7-2B76-4B17-B906-1CB2B49515A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*",
"matchCriteriaId": "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*",
"matchCriteriaId": "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*",
"matchCriteriaId": "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*",
"matchCriteriaId": "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*",
"matchCriteriaId": "01754D60-5592-4193-A2DF-4CE12D30CF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*",
"matchCriteriaId": "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*",
"matchCriteriaId": "21DC1DA3-012F-4AF2-B6CA-968E50A503EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*",
"matchCriteriaId": "9DE94B05-7B6A-4912-8590-D9C1791F9B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*",
"matchCriteriaId": "16C27699-4157-4473-9FB3-01151B3E21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*",
"matchCriteriaId": "F9AC6EC8-E1CA-4889-8AF8-482649CF2139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*",
"matchCriteriaId": "4186B73E-0E0F-48E1-9A51-B90E228BDA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*",
"matchCriteriaId": "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10012:*:*:*:*:*:*",
"matchCriteriaId": "3C86FB31-05E2-4C18-B5CE-81D5A9DFD267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10013:*:*:*:*:*:*",
"matchCriteriaId": "F58627E0-0171-4DDF-B9D4-0CE41C1DEA25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10014:*:*:*:*:*:*",
"matchCriteriaId": "1CD8BB75-E9F0-4675-835B-131C1B459138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10015:*:*:*:*:*:*",
"matchCriteriaId": "32CFCFEF-FA96-405A-AF7A-A652371A44F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10016:*:*:*:*:*:*",
"matchCriteriaId": "7354B26B-EA51-4BAF-B059-3BEEEE2A2F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10017:*:*:*:*:*:*",
"matchCriteriaId": "FE3E1888-FCFF-407F-8ABB-CA802DE5D2B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10018:*:*:*:*:*:*",
"matchCriteriaId": "9B48D8ED-0539-402C-92A0-0BE8F88ABA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10019:*:*:*:*:*:*",
"matchCriteriaId": "20604986-B662-4553-A481-9AC2979C2871",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10020:*:*:*:*:*:*",
"matchCriteriaId": "FF77ADEA-AC44-49FF-BA41-C130FFD01F30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10021:*:*:*:*:*:*",
"matchCriteriaId": "1EFE95CE-EA08-462D-B5EA-1F9E9737CCF2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At \"Asset Home \u003e Server \u003e \u003cworkstation\u003e \u003e software\" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page."
},
{
"lang": "es",
"value": "Las instalaciones predeterminadas de Zoho ManageEngine ServiceDesk Plus versiones 10.0 anteriores a 10500, son vulnerables un ataque de tipo XSS inyectado por un administrador local de la estaci\u00f3n de trabajo. Usando los nombres de los programas instalados de la computadora como un vector, el administrador local puede ejecutar el c\u00f3digo en el lado del administrador de Manage Engine ServiceDesk. En \"Asset Home ) Server ) (workstation) ) software\" el administrador de ManageEngine puede controlar cual software est\u00e1 instalado en la estaci\u00f3n de trabajo. Esta tabla muestra todos los nombres de los programas instalados en la columna Software. En este campo, un atacante remoto puede inyectar c\u00f3digo malicioso para ejecutarlo cuando el administrador de ManageEngine visualice esta p\u00e1gina."
}
],
"id": "CVE-2019-15083",
"lastModified": "2024-11-21T04:28:01.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T14:15:11.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/48473"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/157717/ManageEngine-Service-Desk-10.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.exploit-db.com/exploits/48473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2024-11-21 07:45
Severity ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*",
"matchCriteriaId": "547B3D0E-A042-46D1-9836-0B16843FE97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*",
"matchCriteriaId": "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*",
"matchCriteriaId": "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component."
}
],
"id": "CVE-2023-23074",
"lastModified": "2024-11-21T07:45:50.013",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T20:15:11.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator"
},
{
"source": "cve@mitre.org",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459195?tab=originator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23074.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 14:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 10.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7DBA6C-3792-4432-BB77-17EE96FF1906",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 10.5. There is XSS via the WorkOrder.do search field."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en ManageEngine ServiceDesk Plus versi\u00f3n 10.5 de Zoho. Se presenta un problema de tipo XSS por medio del campo de b\u00fasqueda WorkOrder.do."
}
],
"id": "CVE-2019-12540",
"lastModified": "2024-11-21T04:23:03.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T14:15:11.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/Multiple-Cross-Site-Scripting-vulnerabilities-in-Zoho-ManageEngine"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12543 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12543 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a trav\u00e9s del par\u00e1metro PurchaseRequest.do serviceRequestId."
}
],
"id": "CVE-2019-12543",
"lastModified": "2024-11-21T04:23:04.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T15:29:01.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12543"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-05-21 18:29
Modified
2024-11-21 04:22
Severity ?
Summary
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail¬ifyTo=SOLFORWARD&id= substring.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D82A6D5-537F-4070-9E2B-C4FBA5FDB22D",
"versionEndIncluding": "10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution\u0026mode=E-Mail\u0026notifyTo=SOLFORWARD\u0026id= substring."
},
{
"lang": "es",
"value": "En Zoho ManageEngine ServiceDesk Plus hasta la versi\u00f3n 10.5, los usuarios con menos privilegios (guest) pueden ver una publicaci\u00f3n arbitraria agregando su n\u00famero al SDNotify.do?notifyModule=Solution\u0026mode=E-Mail\u0026notifyTo=SOLFORWARD\u0026id= substring."
}
],
"id": "CVE-2019-12252",
"lastModified": "2024-11-21T04:22:29.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-21T18:29:00.487",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108456"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tuyenhva/CVE-2019-12252"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/153029/Zoho-ManageEngine-ServiceDesk-Plus-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/108456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/tuyenhva/CVE-2019-12252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2024-11-21 07:22
Severity ?
Summary
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://manageengine.com | Vendor Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/CVE-2022-40772.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://manageengine.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/CVE-2022-40772.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0647726-47C1-4CF5-91AA-E3E18776842C",
"versionEndExcluding": "10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*",
"matchCriteriaId": "DD01521E-40B5-46D6-9A29-DABA18F11DFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*",
"matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*",
"matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*",
"matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*",
"matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*",
"matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*",
"matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*",
"matchCriteriaId": "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*",
"matchCriteriaId": "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*",
"matchCriteriaId": "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
"versionEndExcluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*",
"matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*",
"matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*",
"matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module."
},
{
"lang": "es",
"value": "Las versiones 13010 y anteriores de Zoho ManageEngine ServiceDesk Plus son vulnerables a una omisi\u00f3n de validaci\u00f3n que permite a los usuarios acceder a datos confidenciales a trav\u00e9s del m\u00f3dulo de informes."
}
],
"id": "CVE-2022-40772",
"lastModified": "2024-11-21T07:22:02.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-23T18:15:12.470",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/CVE-2022-40772.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2024-11-21 07:45
Severity ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*",
"matchCriteriaId": "547B3D0E-A042-46D1-9836-0B16843FE97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*",
"matchCriteriaId": "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*",
"matchCriteriaId": "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component."
}
],
"id": "CVE-2023-23073",
"lastModified": "2024-11-21T07:45:49.867",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T20:15:11.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator"
},
{
"source": "cve@mitre.org",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006459171?tab=originator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23073.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-01 20:15
Modified
2024-11-21 07:45
Severity ?
Summary
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 | |
| zohocorp | manageengine_servicedesk_plus | 14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C2F73B9C-DD25-4BF1-AC1A-5A7E71C47112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14004:*:*:*:*:*:*",
"matchCriteriaId": "547B3D0E-A042-46D1-9836-0B16843FE97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14005:*:*:*:*:*:*",
"matchCriteriaId": "CEDD4FE7-4C3C-499A-BED7-41F542AC15D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14006:*:*:*:*:*:*",
"matchCriteriaId": "882EDA59-A5CD-4B93-8F9B-1E9D50871BEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets."
}
],
"id": "CVE-2023-23078",
"lastModified": "2024-11-21T07:45:50.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-01T20:15:12.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator"
},
{
"source": "cve@mitre.org",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://bugbounty.zohocorp.com/bb/#/bug/101000006458675?tab=originator"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/products/service-desk/CVE-2023-23078.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-01 06:15
Modified
2025-02-03 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.
References
Impacted products
{
"cisaActionDue": "2021-12-15",
"cisaExploitAdd": "2021-12-01",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11005:*:*:*:*:*:*",
"matchCriteriaId": "AA22E70B-F031-4ADA-B8CE-4B8FF6957F0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11006:*:*:*:*:*:*",
"matchCriteriaId": "D79D1272-025B-40E2-BE9D-141577DC1FD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11007:*:*:*:*:*:*",
"matchCriteriaId": "725B0345-D7BD-4302-B81A-C17115FF1070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11008:*:*:*:*:*:*",
"matchCriteriaId": "2D0E9A21-D7CB-4129-925F-9D3105071FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11009:*:*:*:*:*:*",
"matchCriteriaId": "01750E0E-29E5-4FFA-8194-813FA363467E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11010:*:*:*:*:*:*",
"matchCriteriaId": "E2C953DF-2F29-488E-B4DD-F64BA0BD6A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.0:11011:*:*:*:*:*:*",
"matchCriteriaId": "D8774F16-1A2C-4A91-B132-DE8B1D29DB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:-:*:*:*:*:*:*",
"matchCriteriaId": "298623A4-60DF-41F6-B2FD-ED84E6D2C06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11100:*:*:*:*:*:*",
"matchCriteriaId": "523C554B-076C-4F59-A04B-92D57CDAF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11101:*:*:*:*:*:*",
"matchCriteriaId": "3A85A576-6144-41DB-9ACF-1DD93D5A8852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11102:*:*:*:*:*:*",
"matchCriteriaId": "02EC45C8-CD28-4B2A-A1FA-1EA9F8B392F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11103:*:*:*:*:*:*",
"matchCriteriaId": "1A4A02F3-4427-4E4C-9245-EF5D73A7AC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11104:*:*:*:*:*:*",
"matchCriteriaId": "063D71A3-F1DF-486A-92E1-338C6D5C9E8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11105:*:*:*:*:*:*",
"matchCriteriaId": "14A2C9CC-D434-41A7-A01A-03933675556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11106:*:*:*:*:*:*",
"matchCriteriaId": "B283BD0B-22E3-4AD3-AE4B-07431DA00E5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11107:*:*:*:*:*:*",
"matchCriteriaId": "42FDD0DE-EEE7-4D82-B9CA-EFA052728C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11108:*:*:*:*:*:*",
"matchCriteriaId": "DED26B68-E61F-4575-85AD-48EC2E128712",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11109:*:*:*:*:*:*",
"matchCriteriaId": "F69FF4ED-AFCE-49A2-AD4C-E6A870FFA32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11110:*:*:*:*:*:*",
"matchCriteriaId": "7AFCBA54-26E4-4C56-82BB-135FCA210419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11111:*:*:*:*:*:*",
"matchCriteriaId": "9B594A55-DBF5-4C3F-855F-843A7F26DFEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11112:*:*:*:*:*:*",
"matchCriteriaId": "53E10E88-28AE-4F01-AE6E-C76CB3309F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11113:*:*:*:*:*:*",
"matchCriteriaId": "1909D29B-7532-4C60-9F16-BD310022E2A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11114:*:*:*:*:*:*",
"matchCriteriaId": "8B5FA504-BFA4-4740-A3C0-B917AF301E72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11115:*:*:*:*:*:*",
"matchCriteriaId": "2694C1E1-7596-4183-9B09-4BB5BA5C5551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11116:*:*:*:*:*:*",
"matchCriteriaId": "31A7FA61-399B-4778-828C-BB65548966AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11117:*:*:*:*:*:*",
"matchCriteriaId": "E33CAA7E-2F7B-4833-94F6-6C0F607903CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11118:*:*:*:*:*:*",
"matchCriteriaId": "81D5E4BB-41F6-46B7-98C7-43DE55785496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11119:*:*:*:*:*:*",
"matchCriteriaId": "8400D7D8-D03D-4A5C-B533-A640A648238D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11120:*:*:*:*:*:*",
"matchCriteriaId": "21E4107F-A0DC-4A53-9352-A442B563599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11121:*:*:*:*:*:*",
"matchCriteriaId": "42B90217-2981-4B2A-BB29-BF36F4C1494F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11122:*:*:*:*:*:*",
"matchCriteriaId": "A96B5C8D-5689-405D-ADD7-8BA0E9755EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11123:*:*:*:*:*:*",
"matchCriteriaId": "0B621910-3AE7-4E92-9B6D-C015A8D4AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11124:*:*:*:*:*:*",
"matchCriteriaId": "9E480891-A40B-4184-B06D-26EC583FBA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11125:*:*:*:*:*:*",
"matchCriteriaId": "8D8905CE-F981-4034-8193-533A4930D518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11126:*:*:*:*:*:*",
"matchCriteriaId": "79FBA595-2CDC-45E8-8840-34D17F09A5FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11127:*:*:*:*:*:*",
"matchCriteriaId": "D462AC9D-8731-49D9-A760-5013B496C8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11128:*:*:*:*:*:*",
"matchCriteriaId": "332AB05B-3DC2-493F-8DB8-7DA93531D9BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11129:*:*:*:*:*:*",
"matchCriteriaId": "A9ED77FC-F359-48AA-8A48-4009B25992D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11130:*:*:*:*:*:*",
"matchCriteriaId": "98C4DC91-985F-413E-9F6F-27E93C1125E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11131:*:*:*:*:*:*",
"matchCriteriaId": "6841D87A-97FD-415B-931C-6407A36A1E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11132:*:*:*:*:*:*",
"matchCriteriaId": "D1C4B37D-6983-430C-91C5-635D7EF51A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11133:*:*:*:*:*:*",
"matchCriteriaId": "4E959106-3183-4D8A-888D-6379DC33234D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11134:*:*:*:*:*:*",
"matchCriteriaId": "72C74691-300E-4CD7-AD57-594586B12669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11135:*:*:*:*:*:*",
"matchCriteriaId": "1F60565E-3BDA-4BE3-B013-1BF4469B8B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11136:*:*:*:*:*:*",
"matchCriteriaId": "6BD8A92A-AC27-4914-B36D-94829478D47A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11137:*:*:*:*:*:*",
"matchCriteriaId": "7ED4E888-2EFA-4F7F-9503-59F34FF720D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
"matchCriteriaId": "106A06E5-56E8-41D3-A059-7DA6737DABAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
"matchCriteriaId": "401AEAD2-183D-4E55-94AD-D24A9BE46D61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
"matchCriteriaId": "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
"matchCriteriaId": "417D6E6A-C16A-4A76-8D65-31340834233E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
"matchCriteriaId": "1A040A5B-8C2A-4557-AB5E-1427B0F1E889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
"matchCriteriaId": "207A81A8-02EF-4793-B047-46581BF7E60B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
"matchCriteriaId": "194BEECD-F877-4D28-A534-E965D69C9EB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*",
"matchCriteriaId": "E42B1B2B-7031-4DDA-B5D4-9D6A66BF6B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
"matchCriteriaId": "7D130762-4B49-4089-99A1-FEFD6B76AB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
"matchCriteriaId": "CDC33E6B-81E2-4A15-8889-2CD709CF5E45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
"matchCriteriaId": "E08A077E-B1AA-432A-B37A-AA603C8CD1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
"matchCriteriaId": "69B73464-8627-4CCE-93CE-B312A9D7B35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
"matchCriteriaId": "51839FBE-A7E1-40FD-B44B-F9C8CA62E063",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
"matchCriteriaId": "7BE9BFCC-04AB-4053-949C-B2860E7E43B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
"matchCriteriaId": "A2062399-67EA-4368-9629-60E4A59DDB29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
"matchCriteriaId": "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "7C2035DC-3D54-4D0A-B18A-8D5FAA15CF45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
"matchCriteriaId": "188135EF-9821-4325-A34F-AB6F430F5DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
"matchCriteriaId": "DC971E05-D69B-4688-861D-3D6357726CB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication."
},
{
"lang": "es",
"value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11302, es vulnerable a una omisi\u00f3n de autenticaci\u00f3n que permite algunas URLs REST-API sin autenticaci\u00f3n"
}
],
"id": "CVE-2021-37415",
"lastModified": "2025-02-03T16:15:31.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2021-09-01T06:15:06.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.manageengine.com/products/service-desk/on-premises/readme.html#11302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-01-18 18:15
Modified
2024-11-21 07:32
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
References
Impacted products
{
"cisaActionDue": "2023-02-13",
"cisaExploitAdd": "2023-01-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
"matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
"matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
"matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
"matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
"matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
"matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
"matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
"matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
"matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*",
"matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*",
"matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*",
"matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*",
"matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*",
"matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*",
"matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131",
"versionEndExcluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*",
"matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*",
"matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*",
"matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*",
"matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*",
"matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*",
"matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*",
"matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*",
"matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*",
"matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*",
"matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*",
"matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*",
"matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*",
"matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*",
"matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*",
"matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*",
"matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*",
"matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*",
"matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*",
"matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*",
"matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*",
"matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*",
"matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*",
"matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*",
"matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*",
"matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*",
"matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*",
"matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68",
"versionEndExcluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*",
"matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*",
"matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*",
"matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*",
"matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*",
"matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*",
"matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*",
"matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*",
"matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*",
"matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*",
"matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*",
"matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2026DE5E-EDDA-4134-A63E-1F01A9ED209F",
"versionEndExcluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*",
"matchCriteriaId": "DBEE7368-580D-422E-80DE-079462579BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*",
"matchCriteriaId": "92C88B5F-3689-4314-B23E-D9051808C1D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*",
"matchCriteriaId": "839EB997-896A-4CD9-BADF-1C2DC2B498F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*",
"matchCriteriaId": "7A4DF40E-2941-4A38-9297-42502D7EE0C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*",
"matchCriteriaId": "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*",
"matchCriteriaId": "99F6F9CC-5A94-4A74-8D36-BE198424C955",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1E5798-5079-4292-9C11-2F334F8AC825",
"versionEndExcluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*",
"matchCriteriaId": "37D11E5C-C569-4D9F-BFF8-315F6D458D68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*",
"matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*",
"matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*",
"matchCriteriaId": "B2CE86DA-B688-4E9E-AF16-1974858D18BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*",
"matchCriteriaId": "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*",
"matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*",
"matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*",
"matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*",
"matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*",
"matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*",
"matchCriteriaId": "6C34175B-0978-4207-BFC0-F38FDFF9B3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*",
"matchCriteriaId": "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A",
"versionEndExcluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*",
"matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*",
"matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*",
"matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*",
"matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F",
"versionEndExcluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
"matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*",
"matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*",
"matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*",
"matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*",
"matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*",
"matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*",
"matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*",
"matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*",
"matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E8E6-B1AA-4454-86D3-648B67CA915E",
"versionEndExcluding": "10.1.220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31",
"versionEndExcluding": "11.1.2238.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8239C2A0-BA6D-4B5C-B02F-617178685D52",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71",
"versionEndExcluding": "10.1.2137.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53EC71FA-E248-4DA5-BA76-746631AC435E",
"versionEndExcluding": "1.1.2243.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5784980D-CEBB-4982-BD1F-FD8F5F2A039C",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9F459-2C86-4646-B87C-A55381E0939F",
"versionEndExcluding": "10.1.2228.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A",
"versionEndExcluding": "10.1.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "450E672F-FA36-4770-87B6-CC8DA66D2222",
"versionEndExcluding": "10.1.2220.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."
},
{
"lang": "es",
"value": "M\u00faltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecuci\u00f3n remota de c\u00f3digo debido al uso de Apache Santuario xmlsec (tambi\u00e9n conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por dise\u00f1o en esa versi\u00f3n, hacen la aplicaci\u00f3n responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotaci\u00f3n solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotaci\u00f3n requiere que SAML SSO est\u00e9 actualmente activo).\n"
}
],
"id": "CVE-2022-47966",
"lastModified": "2024-11-21T07:32:38.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-18T18:15:10.570",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/horizon3ai/CVE-2022-47966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-28 20:15
Modified
2024-11-21 08:08
Severity ?
Summary
Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*",
"matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*",
"matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*",
"matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*",
"matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*",
"matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*",
"matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*",
"matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*",
"matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4310:*:*:*:*:*:*",
"matchCriteriaId": "9A24DBF5-EBC0-49DB-B253-1098BF1C6180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4312:*:*:*:*:*:*",
"matchCriteriaId": "9E5C2FC4-A020-42C8-958D-603C82E9F0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4313:*:*:*:*:*:*",
"matchCriteriaId": "D94DE7F6-9231-48F5-8B3F-D8D34594CBB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4314:*:*:*:*:*:*",
"matchCriteriaId": "27C465F6-F7F2-4FBD-B12F-4795EB47842C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4315:*:*:*:*:*:*",
"matchCriteriaId": "27BCB134-B415-481F-BBDB-650F5AD65EDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10",
"versionEndExcluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "258BF334-DE00-472D-BD94-C0DF8CDAF53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*",
"matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*",
"matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*",
"matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*",
"matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*",
"matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*",
"matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*",
"matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*",
"matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*",
"matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*",
"matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*",
"matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*",
"matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*",
"matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*",
"matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*",
"matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*",
"matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*",
"matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*",
"matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*",
"matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*",
"matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*",
"matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*",
"matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*",
"matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*",
"matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*",
"matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*",
"matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*",
"matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*",
"matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*",
"matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*",
"matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*",
"matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*",
"matchCriteriaId": "03A34ED3-EC89-4BE3-8A99-A5727A154672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*",
"matchCriteriaId": "4E84EF2B-37A5-4499-8C16-877E8AB8A731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*",
"matchCriteriaId": "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*",
"matchCriteriaId": "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*",
"matchCriteriaId": "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*",
"matchCriteriaId": "356CA7C7-993F-4D5D-9FAB-9E5475878D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6989:*:*:*:*:*:*",
"matchCriteriaId": "82F1AAC1-E49B-4580-9569-AD9B1E649A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6990:*:*:*:*:*:*",
"matchCriteriaId": "D971F57C-820C-4391-A15C-80A4901BC358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6991:*:*:*:*:*:*",
"matchCriteriaId": "3EAA3D29-2763-4201-9471-A0874727F40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6992:*:*:*:*:*:*",
"matchCriteriaId": "B632C001-CE54-4C22-AB99-7919D8902FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6993:*:*:*:*:*:*",
"matchCriteriaId": "648277D7-3CDD-455B-95D3-CBD9A3A82C62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D262240-1B28-4B7C-B673-C10DD878D912",
"versionEndExcluding": "12.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12300:*:*:*:*:*:*",
"matchCriteriaId": "39F6B49B-8531-4A62-B0D9-C1BCD728D4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.3.0:12301:*:*:*:*:*:*",
"matchCriteriaId": "F2769404-4E8A-478C-9328-269E2C334E31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B83EF5-BEF1-4636-9B3C-AE41E6010F2C",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5300:*:*:*:*:*:*",
"matchCriteriaId": "CF4D70E8-77A6-4F51-A15B-28299D43B095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5301:*:*:*:*:*:*",
"matchCriteriaId": "E03D403B-C904-482E-838C-D6595C5D27FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5302:*:*:*:*:*:*",
"matchCriteriaId": "FFEB1CB7-B9F7-463D-88F8-3A2E86264FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5305:*:*:*:*:*:*",
"matchCriteriaId": "E4B18DCB-4A02-4DE6-9B19-D79299934D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5310:*:*:*:*:*:*",
"matchCriteriaId": "2D34C6F9-2578-460F-AF34-2E9494BCDE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5311:*:*:*:*:*:*",
"matchCriteriaId": "48E3DA1B-9FC6-4F07-9F89-6D71EF42FCFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5315:*:*:*:*:*:*",
"matchCriteriaId": "B2F48B91-FFD5-4AC4-A198-64870E47AE9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D69A22E7-FF66-43A0-83FF-4D0ADF25B33D",
"versionEndExcluding": "14.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14200:*:*:*:*:*:*",
"matchCriteriaId": "4A89D0AC-E27C-4C35-8E2E-44DF0BBD6FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14201:*:*:*:*:*:*",
"matchCriteriaId": "19A77447-AA60-4011-A64B-0A065F43279E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14202:*:*:*:*:*:*",
"matchCriteriaId": "811ADC13-780C-4325-8879-E521CBEC20B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14203:*:*:*:*:*:*",
"matchCriteriaId": "DB25E317-1104-4CFE-8F6A-B8B55F578F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.2:14204:*:*:*:*:*:*",
"matchCriteriaId": "8157D1BB-556A-444B-9F4C-0BD0EF4CF02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14204 and below and 143xx 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below, and Support Center Plus 14300 and below are vulnerable to 2FA bypass via a few TOTP authenticators. Note: A valid pair of username and password is required to leverage this vulnerability."
},
{
"lang": "es",
"value": "Zoho ManageEngine Active Directory 360 versiones 4315 e inferiores, ADAudit Plus 7202 e inferiores, ADManager Plus 7200 e inferiores, Asset Explorer 6993 e inferiores y 7xxx 7002 e inferiores, Cloud Security Plus 4161 e inferiores, Data Security Plus 6110 e inferiores, Eventlog Analyzer 12301 y siguientes, Exchange Reporter Plus 5709 y siguientes, Log360 5315 y siguientes, Log360 UEBA 4045 y siguientes, M365 Manager Plus 4529 y siguientes, M365 Security Plus 4529 y siguientes, Recovery Manager Plus 6061 y siguientes, ServiceDesk Plus 14204 y siguientes y 143xx 14302 e inferiores, ServiceDesk Plus MSP 14300 e inferiores, SharePoint Manager Plus 4402 e inferiores, y Support Center Plus 14300 e inferiores son vulnerables a la omisi\u00f3n de 2FA a trav\u00e9s de algunos autenticadores TOTP. Nota: Se requiere un par v\u00e1lido de nombre de usuario y contrase\u00f1a para aprovechar esta vulnerabilidad.\n"
}
],
"id": "CVE-2023-35785",
"lastModified": "2024-11-21T08:08:41.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-28T20:15:08.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://manageengine.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-04 16:29
Modified
2024-11-21 04:18
Severity ?
Summary
Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://0x445.github.io/CVE-2019-10273/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.exploit-db.com/exploits/46674/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://0x445.github.io/CVE-2019-10273/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46674/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information leakage vulnerability in the /mc login page in ManageEngine ServiceDesk Plus 9.3 software allows authenticated users to enumerate active users. Due to a flaw within the way the authentication is handled, an attacker is able to login and verify any active account."
},
{
"lang": "es",
"value": "Una vulnerabilidad de fuga de informaci\u00f3n en la p\u00e1gina de inicio de sesi\u00f3n /mc en el software ManageEngine ServiceDesk Plus 9.3 permite a los usuarios autenticados enumerar los usuarios activos. Debido a un error en la manera en la que se gestiona la autenticaci\u00f3n, un atacante es capaz de iniciar sesi\u00f3n y verificar cualquier cuenta activa."
}
],
"id": "CVE-2019-10273",
"lastModified": "2024-11-21T04:18:47.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-04T16:29:02.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x445.github.io/CVE-2019-10273/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46674/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152439/ManageEngine-ServiceDesk-Plus-9.3-User-Enumeration.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://0x445.github.io/CVE-2019-10273/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46674/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 15:29
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/tarantula-team/CVE-2019-12541 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/tarantula-team/CVE-2019-12541 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/products/service-desk/readme.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | 9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2F10BC-1C2F-4ED6-9A66-37D115010A9B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zoho ManageEngine ServiceDesk Plus 9.3. Hay XSS a trav\u00e9s del par\u00e1metro SolutionSearch.do searchText."
}
],
"id": "CVE-2019-12541",
"lastModified": "2024-11-21T04:23:04.117",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T15:29:01.467",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12541"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/tarantula-team/CVE-2019-12541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/products/service-desk/readme.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-25 16:29
Modified
2024-11-21 03:35
Severity ?
Summary
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107558 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://labs.integrity.pt/advisories/cve-2017-9376/ | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107558 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.integrity.pt/advisories/cve-2017-9376/ | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9164DE27-BE62-4EB3-B2F1-899A3D284DEC",
"versionEndExcluding": "9.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do."
},
{
"lang": "es",
"value": "ManageEngine ServiceDesk Plus en sus versiones anteriores a la 9314 contiene una vulnerabilidad de inclusi\u00f3n de archivo local en el par\u00e1metro defModule en DefaultConfigDef.do y AssetDefaultConfigDef.do."
}
],
"id": "CVE-2017-9376",
"lastModified": "2024-11-21T03:35:57.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-25T16:29:03.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107558"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://labs.integrity.pt/advisories/cve-2017-9376/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-15 21:15
Modified
2025-02-13 18:16
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725AEAF1-8E3C-4D33-B65D-C8304506A131",
"versionEndExcluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_appcreator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8A753D74-F09F-4C42-A7C2-4D3A280FCACC",
"versionEndExcluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AEDFE0E-9C9A-4DF6-9918-B5BD4DC67624",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21C65599-8166-4066-BF0F-5C3CC55F544A",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CB1749-097D-4F9F-94DB-F35E72A42034",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06579974-7085-42B3-9F9F-A733A1CA37D9",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_central_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F551AC16-6CBA-4460-A05D-D083967BDF07",
"versionEndExcluding": "11.2.2322.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE96B83-9684-4955-81C5-AD5B5BC817DF",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC58FEB-B8E4-4B1C-AE55-F4577D7BF505",
"versionEndExcluding": "10.1.2204.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:10.1.2207.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B65D12-7DAE-4815-993C-7C5903E990DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C070B9E-FE09-4CFE-B489-DC9CED210CF1",
"versionEndExcluding": "1.2.2331.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9C6675-2DDB-4FD6-8FA6-B3EE56F87F69",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA4B79F8-4D04-4EA4-8754-355DB6CA71B8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA39630-6CE1-46E3-AF49-67DB09308C5D",
"versionEndExcluding": "10.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D89B41-A239-4329-9BEA-6D52EE8644D8",
"versionEndExcluding": "11.2.2328.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD7707C-0FE5-475D-8FB2-CDB19363421A",
"versionEndExcluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6300:*:*:*:*:*:*",
"matchCriteriaId": "F0C93DB0-3029-4D49-B180-6EFAEC4B712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6301:*:*:*:*:*:*",
"matchCriteriaId": "F69BFD56-BA90-426C-9EF1-4BD925657BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6302:*:*:*:*:*:*",
"matchCriteriaId": "1171C259-086C-42CA-BE56-5B410677F72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.3:6303:*:*:*:*:*:*",
"matchCriteriaId": "827B0C20-903F-48A5-8918-81F39202C21F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E802FD77-E67A-438C-82CE-9FC7536FB14E",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "0FAF63F4-AED2-4EA4-BA5B-45961B2E29B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "237AA2F5-B9A3-4C40-92AC-61FE47A017BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "4C23A64C-65CB-447B-9B5F-4BB22F68FC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "3489D84B-5960-4FA7-A2DD-88AE35C34CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "D86AB1CC-0FDE-4CC1-BF64-E0C61EAF652F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "076FDAE7-9DB2-4A04-B09E-E53858D208C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "07C08B57-FA76-4E24-BC10-B837597BC7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7213:*:*:*:*:*:*",
"matchCriteriaId": "0D734ACB-33E8-4315-8A79-2B97CE1D0509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7215:*:*:*:*:*:*",
"matchCriteriaId": "9314CA98-7A69-4D2B-9928-40F55888C9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "BCE7999C-D6AE-4406-A563-A520A171381D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.2:7250:*:*:*:*:*:*",
"matchCriteriaId": "D5716895-4553-4613-B774-0964D3E88AA0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5618AEE3-0F6A-47CC-9783-DF9B5C8AC12F",
"versionEndExcluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4100:*:*:*:*:*:*",
"matchCriteriaId": "BFD452AD-7053-4C13-97DA-326C3DC6E26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4101:*:*:*:*:*:*",
"matchCriteriaId": "0B87956F-9C45-4A65-BEB2-77A247BD7A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4102:*:*:*:*:*:*",
"matchCriteriaId": "17BE6347-1605-47DB-8CFE-B587E3AB4223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4103:*:*:*:*:*:*",
"matchCriteriaId": "C47F9F56-B1DE-426B-B5CF-A1BB5973D6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4104:*:*:*:*:*:*",
"matchCriteriaId": "E6A7C5C6-0137-4279-A7EA-3439BE477A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4105:*:*:*:*:*:*",
"matchCriteriaId": "C921F1B2-69B4-448F-AC7C-2F4474507FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4106:*:*:*:*:*:*",
"matchCriteriaId": "91DB9017-1BCF-48DB-97AE-4214150BAE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4107:*:*:*:*:*:*",
"matchCriteriaId": "D066B999-8554-49F0-92C3-1A4DDEA6E32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4108:*:*:*:*:*:*",
"matchCriteriaId": "635F80E1-4A73-48DC-A128-D61716D70839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4109:*:*:*:*:*:*",
"matchCriteriaId": "E74FE1C4-471A-4040-96A4-0BE46745199B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4110:*:*:*:*:*:*",
"matchCriteriaId": "C31E2485-2F3A-4BC1-92CC-F7DCB464B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4111:*:*:*:*:*:*",
"matchCriteriaId": "99C928C2-4711-4765-BDF2-E7FB448F5771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4112:*:*:*:*:*:*",
"matchCriteriaId": "EDF77387-21C7-45CA-B843-EBA956EE2BB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4113:*:*:*:*:*:*",
"matchCriteriaId": "5C2C0067-538B-4102-8B4E-603BD4CE8F86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4115:*:*:*:*:*:*",
"matchCriteriaId": "DAF47C10-AAE9-40CF-A033-44D54A81E69F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4116:*:*:*:*:*:*",
"matchCriteriaId": "36D0331C-58EA-4B68-88C4-7A193BE5C62E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4117:*:*:*:*:*:*",
"matchCriteriaId": "3CA59781-E48C-487E-B3AF-96560F3152EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4118:*:*:*:*:*:*",
"matchCriteriaId": "E4812B9E-15CA-4700-9115-EAE0A97F0E3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4119:*:*:*:*:*:*",
"matchCriteriaId": "CE513A2B-0371-4D3C-A502-CDA3DB474F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4120:*:*:*:*:*:*",
"matchCriteriaId": "5E498ACE-8332-4824-9AFE-73975D0AC9EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4121:*:*:*:*:*:*",
"matchCriteriaId": "F070B928-CF57-4502-BE26-AD3F13A6ED4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4122:*:*:*:*:*:*",
"matchCriteriaId": "635D24F2-9C60-4E1A-BD5F-E5312FA953A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4130:*:*:*:*:*:*",
"matchCriteriaId": "5E983854-36F8-407F-95C8-E386E0F82366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4131:*:*:*:*:*:*",
"matchCriteriaId": "29BFE206-CAB1-41CA-B5A5-E8CB67BCCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4140:*:*:*:*:*:*",
"matchCriteriaId": "7820751F-E181-4BB7-8DAF-BF21129B24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4141:*:*:*:*:*:*",
"matchCriteriaId": "14ADB666-EEB9-4C6D-93F4-5A45EBA55705",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4150:*:*:*:*:*:*",
"matchCriteriaId": "93C4B398-8F9A-44AC-8E43-C4C471DE9565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4160:*:*:*:*:*:*",
"matchCriteriaId": "47FD0E59-3D75-4CF5-81A6-20C3B7FDE962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4161:*:*:*:*:*:*",
"matchCriteriaId": "C7EF76FE-3FD9-4548-A372-22E280484ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1:4162:*:*:*:*:*:*",
"matchCriteriaId": "0F95BCBE-399F-4CCC-A17B-C0C3A03A99AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C3ECBE-AE6A-4E5B-822B-2F905AA806DB",
"versionEndExcluding": "6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6100:*:*:*:*:*:*",
"matchCriteriaId": "DFEB1B4D-A7B2-464A-BEA7-5754D3BE1F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6101:*:*:*:*:*:*",
"matchCriteriaId": "C12C9470-3D3B-426E-93F9-79D8B9B25F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6110:*:*:*:*:*:*",
"matchCriteriaId": "227F1242-E0A9-45C5-9198-FD8D01F68ABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6111:*:*:*:*:*:*",
"matchCriteriaId": "2FE57085-2085-4F62-9900-7B8DFC558418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6120:*:*:*:*:*:*",
"matchCriteriaId": "CAB7FA92-DC12-4E8A-91CC-3C98ED74E47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6121:*:*:*:*:*:*",
"matchCriteriaId": "D04530C2-E4D0-4717-95DB-B7C224348502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_datasecurity_plus:6.1:6125:*:*:*:*:*:*",
"matchCriteriaId": "9BBD018F-C1FD-4A0F-A145-253D86185F6E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*",
"matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*",
"matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*",
"matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*",
"matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*",
"matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*",
"matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*",
"matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*",
"matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5708:*:*:*:*:*:*",
"matchCriteriaId": "D3012C17-87F5-4FFD-B67B-BEFF2A390613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5709:*:*:*:*:*:*",
"matchCriteriaId": "1E33D368-2D81-4C7E-9405-7C0A86E97217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5710:*:*:*:*:*:*",
"matchCriteriaId": "7AA9384F-6401-4495-B558-23E5A7A7528C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5711:*:*:*:*:*:*",
"matchCriteriaId": "E492F955-0734-4AE4-A59F-572ADF0CFE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5712:*:*:*:*:*:*",
"matchCriteriaId": "11B71FFC-FD2E-4F84-BB1E-55BCA5B51099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BB59DF-8786-4DC0-9254-F88417CA7077",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4500:*:*:*:*:*:*",
"matchCriteriaId": "6BA1E99E-789C-4FDD-AA89-4C5391B95320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4502:*:*:*:*:*:*",
"matchCriteriaId": "7EA6EC34-6702-4D1A-8C63-5026416E01A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4503:*:*:*:*:*:*",
"matchCriteriaId": "0720F912-A070-43E9-BD23-4FAD00026DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4504:*:*:*:*:*:*",
"matchCriteriaId": "161C81D2-7281-4F89-9944-1B468B06C264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4505:*:*:*:*:*:*",
"matchCriteriaId": "718EEA01-B792-4B7E-946F-863F846E8132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4507:*:*:*:*:*:*",
"matchCriteriaId": "DB72E7C9-FAC6-43E8-AC2A-5A7CBEAB919E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4508:*:*:*:*:*:*",
"matchCriteriaId": "47BBC46A-16C7-4E9B-A49A-8101F3039D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4509:*:*:*:*:*:*",
"matchCriteriaId": "D989FB08-624D-406B-8F53-A387900940F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4510:*:*:*:*:*:*",
"matchCriteriaId": "8ADB6CFE-1915-488C-93FE-96E8DF3655F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4511:*:*:*:*:*:*",
"matchCriteriaId": "EDCCB442-D0E4-47C7-A558-36657A70B3CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4512:*:*:*:*:*:*",
"matchCriteriaId": "8794F807-1D50-44D4-8969-FD68EFF2F643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4513:*:*:*:*:*:*",
"matchCriteriaId": "AFA2B4BA-1FBF-4C2E-872E-AD14084D1D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4514:*:*:*:*:*:*",
"matchCriteriaId": "6976DCDA-E27A-4367-8EFE-74DC6F63018F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4516:*:*:*:*:*:*",
"matchCriteriaId": "101908A5-CAEF-44F8-A6C8-FE01CA9FA836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4517:*:*:*:*:*:*",
"matchCriteriaId": "F957BE56-474A-4593-8710-F86DB13C7407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4518:*:*:*:*:*:*",
"matchCriteriaId": "B8479442-1A4A-4F27-9778-664C7693C815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4519:*:*:*:*:*:*",
"matchCriteriaId": "EEF00ADC-105F-4B7E-857B-17565D67C7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4520:*:*:*:*:*:*",
"matchCriteriaId": "CA292949-6E99-49A5-94F7-23448494F5C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4523:*:*:*:*:*:*",
"matchCriteriaId": "863CBE20-60A5-4A08-BF16-4E40E88B9AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4525:*:*:*:*:*:*",
"matchCriteriaId": "28A105B4-7BF0-4054-AAE7-8453E13E2B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4527:*:*:*:*:*:*",
"matchCriteriaId": "94C78301-44B7-45B2-836E-15E45FAC8625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4528:*:*:*:*:*:*",
"matchCriteriaId": "F408067C-13C1-40BE-8488-9EB7FF0EDF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4529:*:*:*:*:*:*",
"matchCriteriaId": "A83FBC34-E024-47DA-AD8A-BF569F1F7EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4531:*:*:*:*:*:*",
"matchCriteriaId": "DC06E46F-441E-445B-A780-702B170901DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4532:*:*:*:*:*:*",
"matchCriteriaId": "A8A98287-DB5D-44A3-B835-54BACFC12944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4533:*:*:*:*:*:*",
"matchCriteriaId": "53F32DE7-F211-4BEF-99C1-CE38EFDBCCC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4535:*:*:*:*:*:*",
"matchCriteriaId": "91C3EE55-B71B-432C-A68E-BB126A715375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4536:*:*:*:*:*:*",
"matchCriteriaId": "FD48F21A-2D38-4EB8-B190-58CF176C1EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4537:*:*:*:*:*:*",
"matchCriteriaId": "76346162-0BF0-4B21-82D2-2548A989396A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:4.5:build4538:*:*:*:*:*:*",
"matchCriteriaId": "5313C4EF-A960-4BCA-AA97-EDC88402A175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4282B6D-6C85-4F13-B789-E641FB5986FE",
"versionEndExcluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4500:*:*:*:*:*:*",
"matchCriteriaId": "A160274C-F07A-43D9-A4DB-8773F004B9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4502:*:*:*:*:*:*",
"matchCriteriaId": "341DF953-3DC7-476E-A79D-8CBD011C52A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4503:*:*:*:*:*:*",
"matchCriteriaId": "AB6582AC-03DB-4905-BD03-EEDC314EB289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4504:*:*:*:*:*:*",
"matchCriteriaId": "2C3F1FDE-41F7-4541-B0F7-00DB7994ACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4505:*:*:*:*:*:*",
"matchCriteriaId": "92ADF3D2-0051-46E9-BF7A-7D429ABEC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4507:*:*:*:*:*:*",
"matchCriteriaId": "1592B321-1D60-418D-9CD8-61AEA57D8D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4508:*:*:*:*:*:*",
"matchCriteriaId": "E582FA9F-A043-4193-961D-A49159F1C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4509:*:*:*:*:*:*",
"matchCriteriaId": "F3A22F3D-C45F-4FD5-8EEC-3BF2EDA807A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4510:*:*:*:*:*:*",
"matchCriteriaId": "28EAB920-2F01-483E-9492-97DBFBD7535F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4511:*:*:*:*:*:*",
"matchCriteriaId": "92F1D0A8-8761-4876-92C1-EE9F6BF61C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4512:*:*:*:*:*:*",
"matchCriteriaId": "37976BE2-4233-46F7-B6BB-EFA778442AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4513:*:*:*:*:*:*",
"matchCriteriaId": "A0FF0731-4694-427A-8C9A-EBA7AEF6F1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4514:*:*:*:*:*:*",
"matchCriteriaId": "C069FF04-4061-4560-BA55-1784312047A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4516:*:*:*:*:*:*",
"matchCriteriaId": "0D428FA6-08BA-4F7E-B1C7-4AFD17919899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4517:*:*:*:*:*:*",
"matchCriteriaId": "C7AB124C-63E2-4CC2-B5C9-E7141E23D56C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4518:*:*:*:*:*:*",
"matchCriteriaId": "0E2D49D5-6F95-42F5-8EF0-DAD47C51D141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4519:*:*:*:*:*:*",
"matchCriteriaId": "EF9477F5-C6FD-4589-917B-FD206371DB33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4520:*:*:*:*:*:*",
"matchCriteriaId": "B51D61F5-7198-4B33-8AFD-A78E34F6B1AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4523:*:*:*:*:*:*",
"matchCriteriaId": "8CB27467-3157-466A-B01C-461348BD95C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4525:*:*:*:*:*:*",
"matchCriteriaId": "2D575B4D-D58A-4B92-9723-4AB54E29924A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4527:*:*:*:*:*:*",
"matchCriteriaId": "E76BB070-9BC9-4712-B021-156871C3B06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4528:*:*:*:*:*:*",
"matchCriteriaId": "52D35850-9BE1-479A-B0AF-339E42BCA708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4529:*:*:*:*:*:*",
"matchCriteriaId": "681A77B6-7E22-4132-803B-A0AD117CE7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4531:*:*:*:*:*:*",
"matchCriteriaId": "EF72A1BF-EE5D-4F43-B463-7E51285D4D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4532:*:*:*:*:*:*",
"matchCriteriaId": "2FDD429A-E938-483A-BCCF-50A2AD4096CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4533:*:*:*:*:*:*",
"matchCriteriaId": "162D604A-7F0E-44CF-9E48-D8B54F8F3509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4535:*:*:*:*:*:*",
"matchCriteriaId": "AD38FA0F-B94F-4731-A652-07702EE0B808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4536:*:*:*:*:*:*",
"matchCriteriaId": "F2C3767E-A56B-4580-AF8C-9BF5852EE414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4537:*:*:*:*:*:*",
"matchCriteriaId": "5434E8CB-8DD0-4245-AF61-CF3A69BD0C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_m365_security_plus:4.5:4538:*:*:*:*:*:*",
"matchCriteriaId": "C2403DA1-FBF8-495E-B996-4060F6BE6EE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30C9A012-AD39-45B2-BA3F-8D7180FC5390",
"versionEndExcluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4400:*:*:*:*:*:*",
"matchCriteriaId": "7C5E7CE6-F85E-49B2-9078-F661AA3723C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4401:*:*:*:*:*:*",
"matchCriteriaId": "1194B4C2-FBF2-4015-B666-235897971DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4402:*:*:*:*:*:*",
"matchCriteriaId": "4F5F0CA5-CEC3-4342-A7D1-3616C482B965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4403:*:*:*:*:*:*",
"matchCriteriaId": "B7B8A2F3-5F46-40B2-A4E7-118341443C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_sharepoint_manager_plus:4.4:4404:*:*:*:*:*:*",
"matchCriteriaId": "767BF16D-8CD8-4E8A-9A3B-CB11EB48FB9D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD",
"versionEndExcluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*",
"matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*",
"matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*",
"matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*",
"matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*",
"matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*",
"matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*",
"matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*",
"matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*",
"matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*",
"matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*",
"matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*",
"matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*",
"matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*",
"matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*",
"matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*",
"matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*",
"matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*",
"matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*",
"matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*",
"matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*",
"matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*",
"matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*",
"matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*",
"matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*",
"matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*",
"matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*",
"matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*",
"matchCriteriaId": "49E40C74-7077-4366-82A7-52B454725B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6070:*:*:*:*:*:*",
"matchCriteriaId": "038D7936-C837-4E49-89BC-D11DF2C875D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6071:*:*:*:*:*:*",
"matchCriteriaId": "D1DC87E8-3053-4823-BFDB-46BAF3FCEFF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6072:*:*:*:*:*:*",
"matchCriteriaId": "E384B5D8-CF9A-4C6D-AB4A-5B1A66768ADB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC606E6A-3523-41D5-94C9-A62E8630A687",
"versionEndExcluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4010:*:*:*:*:*:*",
"matchCriteriaId": "7001A0A7-159C-48A3-9800-DAFBA31D05BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4011:*:*:*:*:*:*",
"matchCriteriaId": "583B46D4-529F-404F-9CF3-4D7526889682",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4015:*:*:*:*:*:*",
"matchCriteriaId": "0D89C2A2-CE20-4954-8821-C73F9E3EC767",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4016:*:*:*:*:*:*",
"matchCriteriaId": "A6B8B05F-0ECD-41C1-9FFD-0ADCF4046D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4020:*:*:*:*:*:*",
"matchCriteriaId": "233874F0-A19F-447C-ACE2-5DD06829C920",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4021:*:*:*:*:*:*",
"matchCriteriaId": "C4447E47-C6DB-440D-AF35-8130687E9BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4023:*:*:*:*:*:*",
"matchCriteriaId": "405ECB05-7E35-4927-A19A-92A4B7FE8B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4024:*:*:*:*:*:*",
"matchCriteriaId": "9F1EC2A5-7498-40F9-91A4-B004AEA1136C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4025:*:*:*:*:*:*",
"matchCriteriaId": "CEBB1CED-7B88-4E4B-89E8-E0E2B882E34C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4026:*:*:*:*:*:*",
"matchCriteriaId": "DD3B14B6-8329-43C4-AE42-13279E77275E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4027:*:*:*:*:*:*",
"matchCriteriaId": "7792B448-4D34-42F8-919C-344783D625E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4028:*:*:*:*:*:*",
"matchCriteriaId": "E297C040-0523-4A50-97AB-349880D5B3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4030:*:*:*:*:*:*",
"matchCriteriaId": "F86FEB8D-8A75-4C92-947D-CA7EDF8E0F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4031:*:*:*:*:*:*",
"matchCriteriaId": "A238ED1B-6C11-44C9-BDBF-8A724AB7FE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4034:*:*:*:*:*:*",
"matchCriteriaId": "8ADCADB6-9764-4CA8-AB54-BCE6D0363E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4035:*:*:*:*:*:*",
"matchCriteriaId": "6E0C9493-EB87-4197-AF8B-BCA25488BCDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4036:*:*:*:*:*:*",
"matchCriteriaId": "E4FD31D3-69EB-4699-B31B-C18A0EA9D9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4040:*:*:*:*:*:*",
"matchCriteriaId": "FBD7855F-4B66-4F43-960C-73E69C52E865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4043:*:*:*:*:*:*",
"matchCriteriaId": "0C9C8B4D-CFFE-4CB4-8F11-FC778462CB10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4045:*:*:*:*:*:*",
"matchCriteriaId": "36A68C2E-978A-4F82-AC61-E9E7CA9908A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4046:*:*:*:*:*:*",
"matchCriteriaId": "6C8D7EA7-7CC3-48B0-B966-71A69FDE6A7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4047:*:*:*:*:*:*",
"matchCriteriaId": "05D804B6-5990-42A7-A072-8F904A5262E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_log360_ueba:4.0:build4048:*:*:*:*:*:*",
"matchCriteriaId": "0C720653-317E-4B1C-AFA8-90FAE97430C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90001:*:*:*:*:*:*",
"matchCriteriaId": "A9C350FA-E483-4C06-A784-5679ED0471BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90063:*:*:*:*:*:*",
"matchCriteriaId": "15A47AA7-8B49-41EC-AB57-5706989DF756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90064:*:*:*:*:*:*",
"matchCriteriaId": "D1CCB7C8-86B9-4DA8-93D0-F96B81C82F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90065:*:*:*:*:*:*",
"matchCriteriaId": "397140D3-2424-42D9-9900-625EC4E95D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90066:*:*:*:*:*:*",
"matchCriteriaId": "BA8C9A27-572E-407F-826A-1206394044D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90067:*:*:*:*:*:*",
"matchCriteriaId": "7601CC24-FC2D-4805-A975-2D307DECDF2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90068:*:*:*:*:*:*",
"matchCriteriaId": "A513B136-7DC5-48DD-BDCB-1620A14849B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90069:*:*:*:*:*:*",
"matchCriteriaId": "0858CFDE-7D76-4A63-BE21-A73310AD17BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90070:*:*:*:*:*:*",
"matchCriteriaId": "1BD8F9F8-89EB-422E-A4B1-E715AFD72341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90071:*:*:*:*:*:*",
"matchCriteriaId": "E0271D12-94E8-4345-9666-4A47A5AAB824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90072:*:*:*:*:*:*",
"matchCriteriaId": "513337E6-D805-461B-812F-D6EEA0921883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90073:*:*:*:*:*:*",
"matchCriteriaId": "8EB5C610-33AC-486C-AF48-4A889D429420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90074:*:*:*:*:*:*",
"matchCriteriaId": "81FC1ED5-99FF-4C30-BCE0-5CDC7A5E4C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90075:*:*:*:*:*:*",
"matchCriteriaId": "EA473C80-4100-4170-9601-8C9EEB5F64CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90076:*:*:*:*:*:*",
"matchCriteriaId": "5D2C41A7-1602-43CD-9E6D-A0178931C020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90077:*:*:*:*:*:*",
"matchCriteriaId": "238E3508-0230-441E-8114-6EEB79E22632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90078:*:*:*:*:*:*",
"matchCriteriaId": "2C85C7DB-BC46-4D0A-8353-C2DB51BFFD85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90079:*:*:*:*:*:*",
"matchCriteriaId": "0BAAFCD6-5945-46BE-9380-5C2F79060B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90080:*:*:*:*:*:*",
"matchCriteriaId": "B6E108C0-075A-493D-B8AE-343D81BEC9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90081:*:*:*:*:*:*",
"matchCriteriaId": "CA614153-4E29-45AB-BBC2-9BA0CDAD4B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90082:*:*:*:*:*:*",
"matchCriteriaId": "F95B1920-005C-494C-A9A9-C72502E45723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90083:*:*:*:*:*:*",
"matchCriteriaId": "DA3C51B7-B8A0-42F4-ADC9-C949B610EE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90084:*:*:*:*:*:*",
"matchCriteriaId": "180D4816-E5D0-406B-B289-4B1984250B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90085:*:*:*:*:*:*",
"matchCriteriaId": "57883D51-1188-4C14-B2EF-26FD4B156526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90086:*:*:*:*:*:*",
"matchCriteriaId": "D5A59B7E-74CF-425F-B814-313D5F1F7670",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90087:*:*:*:*:*:*",
"matchCriteriaId": "327F6B11-9176-4791-96D0-FAD8EBE9D5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90088:*:*:*:*:*:*",
"matchCriteriaId": "5E057023-0175-4DB5-98A4-942FB81AF59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90089:*:*:*:*:*:*",
"matchCriteriaId": "28E12A60-CEB6-46BD-A4E8-48651A651E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90090:*:*:*:*:*:*",
"matchCriteriaId": "25FA111C-01EA-49CA-BF67-A8C8C9A6E415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90091:*:*:*:*:*:*",
"matchCriteriaId": "855DD295-DB63-4AF1-8C5A-0904BF049658",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90092:*:*:*:*:*:*",
"matchCriteriaId": "CDFE095C-C659-44BE-9740-C8B712165912",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90093:*:*:*:*:*:*",
"matchCriteriaId": "FFB28D66-83BF-4685-9015-0B30021C59C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90094:*:*:*:*:*:*",
"matchCriteriaId": "9B82AA92-96B6-4841-BAC0-AA1487CBEB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90095:*:*:*:*:*:*",
"matchCriteriaId": "81A65567-42E6-416B-8FB0-2571FDF60207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90096:*:*:*:*:*:*",
"matchCriteriaId": "2193F4C6-5679-487B-82B8-C55A874ED5A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90097:*:*:*:*:*:*",
"matchCriteriaId": "124CB5EC-44C1-4136-B495-053F2299E59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90098:*:*:*:*:*:*",
"matchCriteriaId": "A183735E-12AF-4692-A228-FE3B1169ABBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90099:*:*:*:*:*:*",
"matchCriteriaId": "3C1C57BB-73A7-4B48-B99C-A18E1CE55553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90100:*:*:*:*:*:*",
"matchCriteriaId": "020F4E45-45D2-4F1A-BAF8-8C61F45F5770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90101:*:*:*:*:*:*",
"matchCriteriaId": "039F68D9-A36A-44BE-A457-790ECCB20FD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90102:*:*:*:*:*:*",
"matchCriteriaId": "23BDB028-FCCE-4A9D-887B-6A6F8166CFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90103:*:*:*:*:*:*",
"matchCriteriaId": "5210BAA8-2ECC-49AA-8408-815433DC28D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90104:*:*:*:*:*:*",
"matchCriteriaId": "C8DC19CC-3F95-4753-8037-FB627D1D6167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90105:*:*:*:*:*:*",
"matchCriteriaId": "93F07AFE-4E9A-4001-A17A-606A7B5E83F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90106:*:*:*:*:*:*",
"matchCriteriaId": "06B25C38-DE86-4F3E-918E-BC70FCC0054B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90107:*:*:*:*:*:*",
"matchCriteriaId": "E3F2E0E6-01D2-418D-872E-B117259E990F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90108:*:*:*:*:*:*",
"matchCriteriaId": "41D80E46-35FE-45E5-96D6-28691C0847DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90109:*:*:*:*:*:*",
"matchCriteriaId": "4D7768DA-1111-4557-A0D6-D3A74AC7FA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90110:*:*:*:*:*:*",
"matchCriteriaId": "B3001463-3729-4216-B420-602A11C74244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90111:*:*:*:*:*:*",
"matchCriteriaId": "9A68EC19-3A57-41C4-90FA-CB1BF20EB8DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90112:*:*:*:*:*:*",
"matchCriteriaId": "193913B2-25D1-4779-B7E6-ACC5992AFC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90113:*:*:*:*:*:*",
"matchCriteriaId": "E7AA77AA-E00E-4125-A698-12B30434F632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90114:*:*:*:*:*:*",
"matchCriteriaId": "229FBCFC-2810-44D1-9687-A7C060F6F9D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90115:*:*:*:*:*:*",
"matchCriteriaId": "99C3BBC2-F1D3-4873-A8FB-1B79A2163F74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90116:*:*:*:*:*:*",
"matchCriteriaId": "4A06EF86-915C-4D09-965B-3A9D4DFC96B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90117:*:*:*:*:*:*",
"matchCriteriaId": "3D67F80D-E999-4E46-8386-8122DC17DBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90118:*:*:*:*:*:*",
"matchCriteriaId": "2593B38A-1281-41C9-B065-E6EFDF6BD71C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90119:*:*:*:*:*:*",
"matchCriteriaId": "B61541E8-5818-475B-9E54-C45C71C14A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90120:*:*:*:*:*:*",
"matchCriteriaId": "84DE1BA0-8C36-44DF-91A0-96EA6EF736D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90121:*:*:*:*:*:*",
"matchCriteriaId": "BB2F2DEA-5E03-442E-A46B-B6C218BF3273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90122:*:*:*:*:*:*",
"matchCriteriaId": "CCEFA415-47D7-4DA2-B541-DD0B67AF30A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:build90123:*:*:*:*:*:*",
"matchCriteriaId": "B147B06A-969E-4541-A863-DF4045D39527",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B20C46B3-C23E-42AF-BA81-117B8541171B",
"versionEndExcluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90012:*:*:*:*:*:*",
"matchCriteriaId": "A897E8C8-6058-4BEC-BF00-3E8614238E0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90013:*:*:*:*:*:*",
"matchCriteriaId": "8B39A3B3-5B9E-4B31-9CE2-3625EA9C9AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90014:*:*:*:*:*:*",
"matchCriteriaId": "FBF5AF44-E30B-4948-B0E2-42EE062DC3A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90015:*:*:*:*:*:*",
"matchCriteriaId": "356F078A-9887-423A-8BA7-74201DE109F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90016:*:*:*:*:*:*",
"matchCriteriaId": "9B8887A3-14C6-4DFB-9EBF-35966B4E6158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90017:*:*:*:*:*:*",
"matchCriteriaId": "3A0FE6B3-E037-45F4-A907-51CD99E7B8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90018:*:*:*:*:*:*",
"matchCriteriaId": "250CFA85-89C5-4F75-AF0F-BEA9C816E54E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90019:*:*:*:*:*:*",
"matchCriteriaId": "85B8B8F4-951D-446C-A8F8-EEBDC385D83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90020:*:*:*:*:*:*",
"matchCriteriaId": "288C8246-7367-4D10-A0D4-5426B7EA17A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90021:*:*:*:*:*:*",
"matchCriteriaId": "59326535-A08E-4588-BAB8-9DF094FB61F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90022:*:*:*:*:*:*",
"matchCriteriaId": "077B9DBD-190C-4F20-BD3A-64D6887B7930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90030:*:*:*:*:*:*",
"matchCriteriaId": "0587320F-C57E-41F7-B31F-1EA52ED234B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90031:*:*:*:*:*:*",
"matchCriteriaId": "0911BEEC-A6E4-440C-8217-A7FAAC1D3972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90032:*:*:*:*:*:*",
"matchCriteriaId": "A9D9805F-4F6B-4A15-A444-3B6538BCDDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90033:*:*:*:*:*:*",
"matchCriteriaId": "48901205-BDE9-4CBA-9E3B-779D949CBF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90034:*:*:*:*:*:*",
"matchCriteriaId": "69539391-6C6A-498A-B952-D4F12C2FEC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90035:*:*:*:*:*:*",
"matchCriteriaId": "4A36B8AA-987B-4112-8B67-5BC306F9CF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90036:*:*:*:*:*:*",
"matchCriteriaId": "96E9422A-CA9D-4BC8-90DB-3E3A1966E94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90041:*:*:*:*:*:*",
"matchCriteriaId": "11A2E17D-3B33-4531-B78B-156BC2C7E53A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90042:*:*:*:*:*:*",
"matchCriteriaId": "4C34129B-5A15-4BE9-BB15-66101A5EAB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90043:*:*:*:*:*:*",
"matchCriteriaId": "DA9A87D7-0707-4321-B5D2-2B4CBC66E838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90044:*:*:*:*:*:*",
"matchCriteriaId": "C2C06D73-9BEA-4604-BE73-3CE8A2DDD52A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90056:*:*:*:*:*:*",
"matchCriteriaId": "DAA7B941-6FE6-45CA-931D-6414DFEA9B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90057:*:*:*:*:*:*",
"matchCriteriaId": "F7EEEF6C-DD29-4E6F-BED7-AE10184C2F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90058:*:*:*:*:*:*",
"matchCriteriaId": "D36AD9EC-82D0-451B-ADD4-1EEC0FDC389B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90072:*:*:*:*:*:*",
"matchCriteriaId": "F68164FC-9A09-4145-97B8-99EE5532E6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90074:*:*:*:*:*:*",
"matchCriteriaId": "2FB5646D-11C7-4878-9471-4F6D483CE979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90075:*:*:*:*:*:*",
"matchCriteriaId": "BBC0A0C3-C33E-46E9-A099-A5A66F576138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90076:*:*:*:*:*:*",
"matchCriteriaId": "76584957-0388-4421-8336-75EE90D00349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90077:*:*:*:*:*:*",
"matchCriteriaId": "05C542D5-7E3A-46E2-8CB6-A13159EFA4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90078:*:*:*:*:*:*",
"matchCriteriaId": "7E7BF415-29D3-4BD0-8613-317D7EC7C992",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90079:*:*:*:*:*:*",
"matchCriteriaId": "7F046602-4595-48C8-83F5-A43FD501003F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90080:*:*:*:*:*:*",
"matchCriteriaId": "FC5B464F-D327-4181-A911-2E3683B914B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90081:*:*:*:*:*:*",
"matchCriteriaId": "025D8F22-968F-44B6-83E1-13DAB7A514A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90082:*:*:*:*:*:*",
"matchCriteriaId": "F9F60549-59CE-47D0-BF2A-91B84A0B1984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90083:*:*:*:*:*:*",
"matchCriteriaId": "6F982139-0EDC-411C-A074-A29963DCA328",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90084:*:*:*:*:*:*",
"matchCriteriaId": "FBED4ED7-E991-48D0-AE27-71F9DEA5EDA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90085:*:*:*:*:*:*",
"matchCriteriaId": "8C6BE721-D851-406E-9AAF-01F9A9E15ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90086:*:*:*:*:*:*",
"matchCriteriaId": "F1D6E935-53D3-462D-9DD8-91BFEC90BB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90087:*:*:*:*:*:*",
"matchCriteriaId": "E580F0AB-B840-4293-8639-4B7DD7981EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90088:*:*:*:*:*:*",
"matchCriteriaId": "2CC8FE34-A5C9-4EF7-AA05-BEE403AB3B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_secure_gateway_server:9.0:90090:*:*:*:*:*:*",
"matchCriteriaId": "A80444F6-755F-4FE3-96B3-744A842D40AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0026FC79-6554-4B68-89EB-D7A8422C7406",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "94F878CC-E691-41E9-A90D-72EA25038963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
"matchCriteriaId": "6D1EA156-BD95-4AAA-B688-0CD62CCDB60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
"matchCriteriaId": "8033E51C-D261-4A12-96CD-AE1F13BFD2AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
"matchCriteriaId": "9EE1E1E6-ED1C-443A-A576-AD47D65082B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
"matchCriteriaId": "3E283214-CE6A-4CD6-9E9B-7BF09C37447D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8FF84A5E-C43B-4637-B725-1087D2057EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
"matchCriteriaId": "25AEF257-E1C1-4DFD-9EC0-9B2AC3920CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
"matchCriteriaId": "46E32091-F91D-4706-A4F9-DC658CF36A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "AC7D1106-6708-4A84-A077-286376C72AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
"matchCriteriaId": "071B3368-D7C2-4EE1-808F-1F4A3C3A4756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
"matchCriteriaId": "4E9D5882-91D6-4E9D-AD8B-F3861D987826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "17931D40-369C-430F-B5ED-FAF69FAA0E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
"matchCriteriaId": "02B4D022-BC43-4041-BA2B-60A6D42AD150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
"matchCriteriaId": "15FFD3F7-CB9F-4FB1-9F2C-CFDAE7E46FF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "5ED17849-BC14-4996-9DF9-7645B1E17374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "D91F6CC5-EDBE-420F-8871-03B8D10254B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
"matchCriteriaId": "E82C682C-9F61-45B7-B934-8D6DDBA792AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
"matchCriteriaId": "2FC7728B-9FFC-4A8F-BE24-926B8C2823AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "78BE6CCE-706E-436B-A6E6-26E7D044B209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "8BD54A67-C531-4642-90D4-C6E402D55AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
"matchCriteriaId": "9DF164BD-EF39-42E2-807D-F298D68A8D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
"matchCriteriaId": "5D85766D-1BAC-4477-96D6-EA989D392128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
"matchCriteriaId": "CE99520F-C8F3-46EA-9BBA-AAE2AB4AB8CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
"matchCriteriaId": "16D8A8F6-8BC3-438D-BF8B-9E2B46ECBF36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
"matchCriteriaId": "F3D18E27-EE06-4555-A675-1BAC7D3DD8E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
"matchCriteriaId": "0FEFDFF7-5538-4C53-922A-A5E71A0D643E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
"matchCriteriaId": "02463016-7156-470F-8535-EF4C7E150546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
"matchCriteriaId": "8DEB616C-2DDC-4138-B6FC-8B2680D35485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
"matchCriteriaId": "D51E7B22-9293-4086-B143-2D279597A5CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
"matchCriteriaId": "BB4D8585-6109-45C0-94B4-667D11F0509F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
"matchCriteriaId": "97CB62BA-09FA-446D-A8CF-958980B67F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
"matchCriteriaId": "F871111C-4B61-4C50-ABDA-78D8D988DCD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
"matchCriteriaId": "9950CFB9-FCDE-4696-97AF-251467270375",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
"matchCriteriaId": "B674CFD8-6AE7-420A-BD7A-DD7A068CA5D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
"matchCriteriaId": "56BCA911-733C-4F8C-B3CD-22F3E6CA1F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
"matchCriteriaId": "A1281E75-AC6D-4077-9207-7CA7E5BCB1CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
"matchCriteriaId": "CC052CBA-2B37-4E84-978D-36185EE1A3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "72CC7428-8DD0-45DB-8D80-C02CD9B6CB65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
"matchCriteriaId": "0C1691B0-FA38-4A29-8D49-D99A675C122A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
"matchCriteriaId": "194ACE61-101D-40C3-9377-12039533AB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
"matchCriteriaId": "86428D44-03BC-4528-ADB5-3AC05231759D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "B694D0FC-320A-44F9-9FFB-0706CDD3004C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "BE298317-10EE-4A34-B4D0-8D03B727A75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
"matchCriteriaId": "B0A1B243-163D-461B-BEAB-81E6E2DB36EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
"matchCriteriaId": "5E86C3A0-700E-4CB2-AFDC-F203C61D413C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
"matchCriteriaId": "A550184D-13BD-4F2A-9DE5-AC66B496FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
"matchCriteriaId": "538BCF38-69B6-4686-B1F1-82B10175CCBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
"matchCriteriaId": "F29A6AE3-B864-4552-9BE9-074CB6935B07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "7CD2AB8D-F638-48E0-A5D6-1E969F9998B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "76528168-A54D-4398-B558-6DC27ACCBFBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
"matchCriteriaId": "6C1DCA3B-41B8-402B-B5E8-2C3494C36B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
"matchCriteriaId": "531A9E5C-9C45-4982-8ADE-5B41CE5F5B48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "FA70F031-A7EF-49F5-A1F6-C3DD33198D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "5DF093BF-830B-4C9A-A4B2-41C7811E4EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
"matchCriteriaId": "AB64E7D3-D835-4F46-BD81-6B59CF7EB9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
"matchCriteriaId": "A2176672-0E34-4B46-9202-483F1D315836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
"matchCriteriaId": "FBD2726E-4AAA-4E7D-A8E7-89DB875E7E6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "94AF723B-F1B7-44A8-B654-7C10881A6AF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "0C65E8BE-968F-4AB8-BD3F-A123C66E576A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*",
"matchCriteriaId": "9A4C70B1-A902-4835-BFFC-692CA91C1317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "06FE113C-94B6-419B-8AA0-767EA74D11ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*",
"matchCriteriaId": "C30413D5-7F5B-47EE-825E-CEEF69DAC5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*",
"matchCriteriaId": "57DA6C66-3235-4923-89D0-EF093FF4126F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*",
"matchCriteriaId": "82307372-C2CF-4E19-9D1D-7D33FCCE8F5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "A5289D80-1C75-4819-B615-8259B25B1E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*",
"matchCriteriaId": "25CC8F8B-9072-41E3-8045-25D12EE22427",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*",
"matchCriteriaId": "6000E214-BF19-469C-A7CA-CC91465B2CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*",
"matchCriteriaId": "1AA9EA4B-DD82-46E7-9C44-77AC076F61CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "50E697EA-0A78-477D-B726-AC54EE868244",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*",
"matchCriteriaId": "E64AAB62-43C4-4284-B2AA-1DC55B972803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*",
"matchCriteriaId": "E3A43E19-D06D-4856-AA55-02B8148EAB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "310C491E-92CE-4EE8-9CDE-70640DE9CAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*",
"matchCriteriaId": "A82217B5-0A11-4BE6-ACEF-991B2DFE53D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*",
"matchCriteriaId": "7C69DA1F-F0A3-4E9F-96E2-F7A4E9B876C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "033944E6-8A01-4566-81C4-2B76F10C2839",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "3D969C61-1F9A-4B97-B6DA-04F84E3E2936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*",
"matchCriteriaId": "9984754B-1FA5-4CDF-AFC3-BD97C6C6B177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*",
"matchCriteriaId": "718427DB-57A7-4AB0-AA4C-7716E5A5F084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*",
"matchCriteriaId": "CD43B869-6A7F-461D-A870-448C91FB7A02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*",
"matchCriteriaId": "98DD8376-4B21-4024-878D-DB74D1FF7A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "5E8B8FBA-39ED-4E7A-AA1C-A6C15E8C92B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*",
"matchCriteriaId": "4742B198-8630-4A45-AE87-6731BF56081A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "3782ABA4-5247-4349-8CD8-BCE85B98D44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*",
"matchCriteriaId": "C39E5DB9-1B75-4204-9B24-70F6294F1F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*",
"matchCriteriaId": "F9459981-3E65-489C-9A70-B582EC9C8BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "BF90B539-9180-4A96-9E2F-F35DCA6DD720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*",
"matchCriteriaId": "2A6D1150-602E-4006-9F6B-10C6649AC05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*",
"matchCriteriaId": "FB168E3D-63AB-45D7-AAC1-2D01CD6956F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "B8DCEAE6-AAE6-40B0-83B2-A579A6BF9854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "FCFEA624-968F-4A0F-969D-2190B1269EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*",
"matchCriteriaId": "64F9D21C-AC05-4629-864F-85AFA3789739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*",
"matchCriteriaId": "07E47F97-63EC-4BF1-AE54-3B510B66202D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*",
"matchCriteriaId": "160765FF-9A56-4072-9580-C6DCB573B061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "F1EE56C3-5F42-4D2C-AEC0-035078DAE445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*",
"matchCriteriaId": "16593100-F288-4013-BF48-48CA482FC62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "5BCA02F3-EF72-4F28-9ABB-D75EB6CE3338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*",
"matchCriteriaId": "D8052948-7F5B-4E63-B1B7-B244D6A0AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*",
"matchCriteriaId": "B6359934-CA70-4A8A-99E5-806555900EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*",
"matchCriteriaId": "83BAAE61-540D-4E36-8B63-2438EC3B1479",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*",
"matchCriteriaId": "008A2BF2-E18B-492F-9DFF-19618F998664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*",
"matchCriteriaId": "5023E77A-908C-41AE-ADC7-580F44ADC376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "797D16E7-484D-4793-9040-74B815DC52B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*",
"matchCriteriaId": "7D923373-B575-44C8-9B4D-DB824EC59B68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*",
"matchCriteriaId": "B88917EC-3ABB-475E-B374-272CE5272D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*",
"matchCriteriaId": "BD457A1B-023A-42CF-ADED-648A061AAAE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*",
"matchCriteriaId": "9B9E22A4-676A-4D75-850F-15E5EC9A2911",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*",
"matchCriteriaId": "4E6BA9C0-59DB-49E5-826E-1CA885FA28CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*",
"matchCriteriaId": "95715B71-FA63-40A2-9EA6-56250318FC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*",
"matchCriteriaId": "2591F23D-DB1F-44B0-B67A-13483408DE4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*",
"matchCriteriaId": "E4F035FB-54A9-47C0-8896-174A742E23B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*",
"matchCriteriaId": "34B52052-FBFC-4803-B999-448A9385B613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*",
"matchCriteriaId": "A1F97594-BF89-4B5D-B1CE-706708891450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "544961BA-03CA-49D6-AB7C-CFF597B3BB8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "9CDBD0CB-8495-44A1-BF9B-29A195D9F718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "B652092E-570C-4D4E-A133-627426C50F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "DC13FB20-119C-47F9-870D-399811661896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*",
"matchCriteriaId": "BC457292-04FE-4643-8F1D-05DAEF3F70BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*",
"matchCriteriaId": "29CBDA2B-5A6A-4DB0-AC37-EAD8E05B55BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CD266A0D-E726-4BC7-B3B9-6E3176415188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*",
"matchCriteriaId": "046B7B6F-85DE-4BDB-8860-ECA208C4D697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "C60E51D9-A842-49FF-8793-84C074DBE5EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*",
"matchCriteriaId": "753B2FC9-342B-4456-85D9-27734BE7C6FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "BE930B14-4B22-4299-8DE8-7625342FC4E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "45B93007-AD6A-4978-9752-41DF72D34A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "863CBACB-F9A3-44AC-B795-C2C0EB5C9E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "AB28B644-BFD0-4588-B544-A139B26DDDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*",
"matchCriteriaId": "944F7C2F-53D4-4933-BD63-DF15C5A5CD65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*",
"matchCriteriaId": "F6D0F0D1-7DF5-4C8D-9B31-B347E5A567DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "870A721F-2991-4041-AB1D-DE3D953B8669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*",
"matchCriteriaId": "4F7FC0E5-8D0D-45CF-AEFA-180B79BC8B0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*",
"matchCriteriaId": "7D394493-D690-44F0-B3F0-FD39E46F31C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "AF8CBF57-EF1A-4C84-879B-1A4035F4236A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*",
"matchCriteriaId": "2F1E924E-8896-41CE-82E2-F22943A02FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*",
"matchCriteriaId": "FB058840-E3D0-45FA-B95F-3445A7719118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*",
"matchCriteriaId": "FD9B23C4-3458-4E6C-B1AB-D4A36BE8FFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*",
"matchCriteriaId": "D2A7AA89-7233-4624-894A-B2B996D1D270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "B6B402ED-8B64-4FB0-B9E7-76E499A4115F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*",
"matchCriteriaId": "4E8B01F2-0A03-48CF-8BAE-556A9C3D88FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*",
"matchCriteriaId": "3C07E022-B75C-4491-8A30-9A1532D0472C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*",
"matchCriteriaId": "00E92DB5-8D53-4129-92D0-AD1DA0F1FEB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*",
"matchCriteriaId": "913CD99C-8F47-47BD-BD7C-33762861BB08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "67B7F52E-7D7A-4AA9-9241-FFCC3DD49BBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*",
"matchCriteriaId": "D02650C3-1A7F-4889-B6CB-11994054B5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "01FEA1CA-351B-4E2B-A78E-60338682F97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*",
"matchCriteriaId": "04C9E097-FE04-42BD-96C8-2A3A9FD50B25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*",
"matchCriteriaId": "94F895DB-C865-4AED-A1D9-CE69C0EF52FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "8B565B12-283F-4323-9C88-FD3CF5646DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*",
"matchCriteriaId": "9FDC3394-293E-44CF-A83F-FE047A4E4DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "01846F8F-D7D6-4CD9-B83E-41B70C691761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*",
"matchCriteriaId": "CAE013FC-357D-42DA-B223-D40B3C813089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*",
"matchCriteriaId": "E4BA87E9-5E37-41EE-835C-13F68ABC9C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*",
"matchCriteriaId": "D2034E17-2DB9-4229-B7D4-D14761CEE699",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*",
"matchCriteriaId": "39FBAFB9-5703-4EEA-BFF3-45B958E0805F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A02A7E-02A8-4B74-AA9F-3DA0492748EF",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "24B04D73-0C55-49A8-B599-27C8C04948C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127001:*:*:*:*:*:*",
"matchCriteriaId": "97E74846-1666-4773-910D-77E0E19A7FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127002:*:*:*:*:*:*",
"matchCriteriaId": "BB90B809-9D97-469F-B8F6-41B4AEAA2D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "423C8618-9F3B-4B83-902C-FF01027EC54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127004:*:*:*:*:*:*",
"matchCriteriaId": "7E974B56-7A00-4582-AF8B-0D09B94477BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127100:*:*:*:*:*:*",
"matchCriteriaId": "7B6F8404-F624-41AA-BE8D-170D843EC290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "D0FF81E5-2134-4F45-9B39-2E3D5208BB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "0D5DA95F-7C0F-4D05-BD35-DED356D01692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127103:*:*:*:*:*:*",
"matchCriteriaId": "2B3A3EC3-DF7C-41A6-884C-C7C13D41B61E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127104:*:*:*:*:*:*",
"matchCriteriaId": "89EE3E31-8F55-4E44-8522-A32D6887AE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127109:*:*:*:*:*:*",
"matchCriteriaId": "979ED7B4-FAE3-4E98-A303-290E498FFD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127116:*:*:*:*:*:*",
"matchCriteriaId": "EDC62E2F-AB97-4008-A52B-9CDC341A06BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "93DF7023-22AE-4A84-8734-06239013C10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127118:*:*:*:*:*:*",
"matchCriteriaId": "2A128BED-75FA-42F1-9171-CBAEAA2366A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127119:*:*:*:*:*:*",
"matchCriteriaId": "5298BB50-8E22-490A-87C7-7F40B7F8F7C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127120:*:*:*:*:*:*",
"matchCriteriaId": "39C34F02-E413-4067-B958-86ADF89FA3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127122:*:*:*:*:*:*",
"matchCriteriaId": "A0673E69-A2DB-424C-BBF0-79D729230F1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127123:*:*:*:*:*:*",
"matchCriteriaId": "4F062A20-6FFE-479B-9E64-E4771490B041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "C598244E-7483-4762-AC27-BD8036FEFE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127133:*:*:*:*:*:*",
"matchCriteriaId": "B188A792-EF1A-4292-BD91-47635706C430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "BEFACD7A-D81B-4EDC-9E38-FD93FA0DE456",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127136:*:*:*:*:*:*",
"matchCriteriaId": "DF818138-079A-43BE-A8B5-5DA47FA443AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127138:*:*:*:*:*:*",
"matchCriteriaId": "27066A8F-75C4-42BF-A54B-543114B92995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127140:*:*:*:*:*:*",
"matchCriteriaId": "A239C6F8-3FC0-4510-B33F-14B25908E68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127141:*:*:*:*:*:*",
"matchCriteriaId": "E8399E84-1344-4472-91F3-F63255911876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127185:*:*:*:*:*:*",
"matchCriteriaId": "8888C77E-04A7-4C34-B497-504F6217E07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127186:*:*:*:*:*:*",
"matchCriteriaId": "7502D92A-3B51-4A76-88D6-E2D76A584075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "7E465A5F-C8B0-4AD0-8D6D-4823C5F8153D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127188:*:*:*:*:*:*",
"matchCriteriaId": "DBA622D6-CD85-4F0F-8CC3-39FE29754039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127189:*:*:*:*:*:*",
"matchCriteriaId": "A0D2828B-B897-4F1D-B657-436DB3CAC2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127191:*:*:*:*:*:*",
"matchCriteriaId": "98279B6E-8361-45CA-8912-F06972F4BD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127240:*:*:*:*:*:*",
"matchCriteriaId": "A7D879C8-E89F-45C1-9609-80B737080AFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "3D8FD2DE-18D9-4F50-9256-672435059876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "F01FEA58-BE5B-4CEC-831D-3BF05A20688D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "039C6DE6-DEA2-42E9-AE55-322E8E6B048C",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "55EA00B6-DE5D-4DE4-85AC-38A1216B4923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "BC4DF055-45CD-4B83-A7BA-59D6E46BD4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125119:*:*:*:*:*:*",
"matchCriteriaId": "F9B51EF5-800F-446B-9F2D-47D45445E73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "C4C2087D-1B7B-4DA4-8288-D5366BC9735F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "B8FE0307-3CA7-445E-BA42-27D65C298E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "F6F9CB58-3B55-4E6F-AE24-D16552EE3614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125138:*:*:*:*:*:*",
"matchCriteriaId": "006DB16B-34C4-4359-96A1-381F7C66BF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "7EFE37CC-58F5-4B08-95C2-D9DAFC8D9C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125162:*:*:*:*:*:*",
"matchCriteriaId": "4F102286-1D21-48AB-A1B4-ADB5A4D3EEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "7DDD3297-57ED-40D4-AC54-4484A3E9C633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "8F467A89-13F7-47E9-8285-041DB3F33603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "E8C93717-4E5A-4686-A83F-A7D4AC732144",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "5A15AF17-8500-4102-AF1C-897360BB985C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "D9B364E3-45C1-4C71-BB6D-9D831449CF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "4CCB49B2-4AA1-4223-98F0-1E0872566BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "5D0A19E8-F0B3-446D-B991-C63657BC2A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1C7CD9C4-861D-42C0-9209-0843613F94B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "AD44F42F-709B-4FBE-B9C7-9944A874D489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "23C53DA5-F50F-4FA5-AF8B-4EA174BB4E57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125395:*:*:*:*:*:*",
"matchCriteriaId": "199EE3C2-2D58-4777-8592-D000D135E2A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0CE514D6-6C6A-4DAD-8DB2-FA1F12FFAFBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "461FD5FC-2D14-44FC-88F0-783EDDD63483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "65FD6158-1B99-4C17-A167-41D6B1CD62F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125449:*:*:*:*:*:*",
"matchCriteriaId": "188123C8-7E72-4690-A322-888BED90FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "2BF85206-863D-493C-88F4-15B0BA5276A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "60EB56E2-7367-4488-A00D-41464E86B06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "3E315636-0897-4421-882D-E8196F7ACAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "EE609902-17AF-491B-8749-C8AF4E0A8241",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "6EFF6295-3F73-448D-8109-453E0DFD2002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "35A535BC-644B-4B10-8F66-779FAF503683",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "DDD4AA74-4B07-44A1-A32F-88B0B1E90ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "52203983-0CC9-49DB-B100-49CD9F5CE688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "095362BF-69CD-458F-8A44-E3D6AFC8C41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "65F6F508-F0BF-4821-8B50-24A9B652522E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125564:*:*:*:*:*:*",
"matchCriteriaId": "4044EE7F-268B-4CC7-9982-80766BE5790E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "6F87A77C-E40F-4DDE-9260-FCF12B237FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125581:*:*:*:*:*:*",
"matchCriteriaId": "51CF193E-D5A6-423A-A5E2-B0ACF4B002E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125596:*:*:*:*:*:*",
"matchCriteriaId": "7C10F5A0-6FFE-4907-8A61-61CF11FC7A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "6B3F637D-3724-4314-BCC7-A6A06040DF00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "18598449-D0EE-445F-BA6A-2CD658DAF4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125657:*:*:*:*:*:*",
"matchCriteriaId": "6DC52F3E-EC5F-404B-ABD7-615B8AB522A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*",
"matchCriteriaId": "E3552F71-C708-41A4-9168-5673C086F507",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1DA3A9-36FB-4BCA-AEEC-231A2C3127D0",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "0BA30C26-D3D8-447C-BD7A-9BC166C8BF3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127117:*:*:*:*:*:*",
"matchCriteriaId": "162E0203-17E1-427E-A351-33F75E8FE5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127134:*:*:*:*:*:*",
"matchCriteriaId": "61FB54BF-7A8F-4EE5-AF42-15E2B69E9DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127241:*:*:*:*:*:*",
"matchCriteriaId": "764139C9-FF6A-4BE0-BAF3-52F403C41393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.7:build127242:*:*:*:*:*:*",
"matchCriteriaId": "3D9805F6-1A56-4FBF-8F47-DAA80E4DE9FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FF3515-61C7-4A7A-9781-6D4A0340B2EC",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "77AA96FD-5AF0-4F80-8402-BAB460FF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*",
"matchCriteriaId": "3095B4D1-170A-48B0-8C4A-7A7A54E42149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "8CE4267C-DAAE-4CEC-A6E3-D2213AA5EE57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "92EB7DC6-F227-40B3-A093-4D9495BBE272",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "40C478D3-7C1C-4FCE-99FA-976EE2754680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DE6C88E4-D382-4729-AF5D-5697DCE26A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "6447F4D8-0943-4C8C-BBA7-42BECC181D80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "422B8CB6-3A14-4452-9192-F4CD5BF5D030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "41AB6C1A-CBEC-4DC1-94A4-9D14E82BA542",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "6A2C060F-770B-4245-8490-5D2EB970FCA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "16E635CC-1591-4535-89EA-B8470BD885F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*",
"matchCriteriaId": "D5F9E623-A42D-446D-ADDD-5F3C8F7BD9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "1E235AF0-4453-4439-A25D-FF78A89BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "620E40E9-9D83-4E14-8898-10C0718B1A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1D72F651-BD8C-4564-AC1A-84A91F21EADA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*",
"matchCriteriaId": "19DD9FF2-583B-4079-9375-E1643FF9A54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "69EDC39C-68EE-488D-B740-9E45229BDF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "EC374820-208A-40EF-965C-50C19467BD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "397B1FAC-EB6E-4F17-B5D7-CBD47D581DF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "E771BCA5-9E65-4C8B-BF36-E90F641D2015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*",
"matchCriteriaId": "A658460A-FAE0-4487-8CD6-FB3384664F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "6F104D17-7D08-42A5-BAF3-DEA475308FC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "9F875BFA-18C2-42BF-8BC4-D02E15B395E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "3BBD9D22-7E92-4648-972E-E17D9472E08D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "7219F9A0-CD1D-4BB4-A5E1-FA0495B49114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*",
"matchCriteriaId": "0CBB0F67-9C81-44BC-9836-DE5FE40DDBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "6D7C0250-52DA-423D-B061-0CDF39D15068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "6FC34D3F-FED3-4266-AB29-98FFC2002507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "DD1460AC-A719-4B75-B28B-748B6C262A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "B9024FE1-536C-4180-8115-6D97E7C324D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*",
"matchCriteriaId": "8CD6EB21-3DC6-47A7-939A-AA3C8EFE278F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "3A5911F7-7A45-499D-B345-D9C082932BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "CBBD7A90-4F97-4DFD-B8E6-F24A9B72A1C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "87C6DCE0-5F40-4F50-8538-29CFF2DCC9EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "BECA9FA7-887B-4ECC-AA23-F75F96E42CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "CFD6D448-337E-4A63-8BE2-4DFC50AE7413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "33F2625D-0750-4ED1-8BA7-8141D8B7FB01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "A7D6DD58-62F3-4727-9AC1-E6B5EA71BB89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "33991587-174F-48D9-821D-BF44CF24924D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "18B8D15F-0286-4D64-96F8-D213E241813E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "EB8483C1-6586-4936-8BF8-ECE3F0F4D5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "A9318551-C41F-46E9-A196-5C01EAE276F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "5030E129-0401-457B-B4FB-974AD5A0A948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "74DAFF5A-7090-427F-A69E-2E90456485C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "8EB26A23-108E-4F39-84E3-2F1C197C8CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "DF57D557-B1B9-4B2E-81A5-B23C1A8521E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*",
"matchCriteriaId": "E37E20B2-B678-45C1-9EF9-7D65172B485F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "722042FB-CFE5-4DE8-A196-65D2E035378F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "17CC4F0C-E69E-4FA5-8119-D71AD9C13E63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*",
"matchCriteriaId": "B8DA03F6-8EF8-48E1-B4CF-A2B0CB6F1DEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50FB7952-0CED-4A64-A435-D588CA661630",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "8343B084-2009-44F2-B36C-C66719BBB1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "2574DD71-36A4-47AE-ABC3-D05D36FF8F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "B9D787C9-F37B-4193-A34F-080F7410BFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "55FB4705-D709-42F0-A562-6C5A05E00EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "4503E624-DC7F-4C5E-B715-0EC4676CA1ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340D8561-6110-49D8-BCDC-78A762FCD3E6",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "C61E9B3D-A39D-428E-A82F-5C4C225906C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "423D3372-F910-4006-9FE8-49A6B730AEBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*",
"matchCriteriaId": "02B0ED3C-4729-4C70-8F06-6B507ED75BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "3CE0B4B2-CC4C-4F0F-B97E-A90C84377989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "DC2E4C62-9867-4D14-85B3-95F359BD0551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125122:*:*:*:*:*:*",
"matchCriteriaId": "5042AD90-4DF1-4A5A-9317-017102515284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "356A4F91-FA5B-4A09-841E-A380F580BA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "CBBDC611-498B-4175-9A88-5914ED6D3A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*",
"matchCriteriaId": "10F3C9AD-9C1B-4FBD-8325-B56FCF96FFE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "F4EE5C24-C4AE-4F9D-B808-8930102A1389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*",
"matchCriteriaId": "E0F45A48-5006-4748-B683-6C7CB469286A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*",
"matchCriteriaId": "9796C62A-8FCA-4E1E-855E-7D67F77C9AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "1A1AC2FD-91BA-4B78-BB14-B9F2CEB09071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*",
"matchCriteriaId": "A4B99FDC-EC68-4006-B359-E845AEF72FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "240A8575-F963-4DB4-B9C6-BE584A2F8271",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "B97F1BEE-F3C0-4DDD-B767-23C4BE9054AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*",
"matchCriteriaId": "3B3482FA-9483-4EC7-9B09-E1BB63F02790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "2600FBC5-8358-4126-88F2-00F3BEE9B537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "FDD47CB0-3680-4ED9-821C-B673EACB953D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "D27B76C3-B8C8-48A6-AEF3-E9145B57EDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*",
"matchCriteriaId": "6D77C576-035E-403B-A2B3-992496FAD202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "70608921-F02A-4121-BE90-919DD68DD0D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*",
"matchCriteriaId": "93C50660-6ECF-4353-A15A-4F7B0F06D33A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*",
"matchCriteriaId": "06D8864A-E6CC-4742-A2CF-B060E8DFA740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*",
"matchCriteriaId": "D2572B3B-3BC4-4A83-92D5-8D7579821F4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "0DD78F90-5231-4848-8971-9AB5ABBD2C33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*",
"matchCriteriaId": "7C94C142-168F-421C-B00B-3F42AA1CC9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*",
"matchCriteriaId": "77CE4835-6540-4CF6-A31C-255DA52BB073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*",
"matchCriteriaId": "E0544AE8-92B3-43A7-8F42-299AED1A40CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*",
"matchCriteriaId": "BEC805D2-CFDC-40DE-AA70-42A91461BEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*",
"matchCriteriaId": "4767BF5A-B867-44BB-B152-E2AFA63B06D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*",
"matchCriteriaId": "5855C471-07AB-4A96-9631-26C6C8B01F67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*",
"matchCriteriaId": "5075910F-3676-439A-879A-5CBE2C734347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*",
"matchCriteriaId": "20808F91-7F08-4BA9-9075-C54337EC68E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*",
"matchCriteriaId": "C700CE3B-31B5-4B4D-A378-70EC26D6F88B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "A05AFF4D-4EF9-4939-81CC-0AB55DA596F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*",
"matchCriteriaId": "86C3E31F-87E2-459F-8D1B-C6D1A237960D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*",
"matchCriteriaId": "A3E7FC26-0000-4D4B-B489-DF0E2CD2B13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "13E6E0F9-9D03-4665-9C89-6BE62ADCB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "0DE52003-E959-420F-89A1-C86D8FB12DBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*",
"matchCriteriaId": "6E9C9051-7FDE-4DEE-85DC-0798524DC17A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "5BE3598F-CEB4-4553-BB50-AA778BBF8BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4C71852D-D529-469A-9111-6D4DB8381BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*",
"matchCriteriaId": "EC3F7DA9-3FBF-4D67-8BA5-2643E706F64F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "53E2DF01-9A39-4E50-BEDE-D49988CE5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "0015664D-11BC-4DEE-BC5B-DB3D1FE8DF82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "8B49F887-4574-4B3C-A8A7-57F75B27447F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*",
"matchCriteriaId": "C1E93E4D-0E54-41DF-843A-E8AE94EAD0BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*",
"matchCriteriaId": "1617ADAD-2E13-4910-B600-3EC7E59B087C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "4E7B4955-F688-47DE-B1FF-D417EBDFF9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*",
"matchCriteriaId": "5F982932-5513-411A-9CBF-3082C7ECEF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "0B5378E9-D011-4B12-8DEE-442F22789C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*",
"matchCriteriaId": "8232CBA1-55DA-4F3C-A9E5-A204A25231C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "253569A5-4A2E-4163-88DC-C0FE6B79E06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "A30281F3-4DE2-4ED3-91A7-AE7A091C31E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9222E54C-0A7C-4828-9917-7CFD7EE8BC59",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "85778DB3-87D9-4C6A-9149-C58C45913268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127003:*:*:*:*:*:*",
"matchCriteriaId": "3973EC75-A70A-475A-82BB-409992F09392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127101:*:*:*:*:*:*",
"matchCriteriaId": "14537D55-3ABE-423C-B320-6811292620AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127130:*:*:*:*:*:*",
"matchCriteriaId": "FCB0BDE0-5BD3-4315-A74B-D7065ABC91BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127131:*:*:*:*:*:*",
"matchCriteriaId": "3E850CF4-9078-4E43-A87C-8323536E8CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.7:build127187:*:*:*:*:*:*",
"matchCriteriaId": "EC407852-45B1-47F4-A886-AF8B473A86D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB0C7A9-5511-4AC9-B5E4-74AAE6973E34",
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*",
"matchCriteriaId": "BDA5DDA4-A67C-4370-B41D-02755FCF1F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*",
"matchCriteriaId": "3D99CD97-1D6B-4C67-A909-E1CE28A78E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*",
"matchCriteriaId": "70FEC14F-A53C-437C-981A-214B867142E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*",
"matchCriteriaId": "895E57EA-A8F6-425B-9D08-654E03B92B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*",
"matchCriteriaId": "9EE0C771-B2F6-4766-82FD-203967CE37D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*",
"matchCriteriaId": "0DCD6102-19F7-42D2-A81B-C85824CA351D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*",
"matchCriteriaId": "3C2C0A08-66BF-4FDC-A209-769234438844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*",
"matchCriteriaId": "8DDC3649-12A9-41F3-A27D-646B5DF05E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*",
"matchCriteriaId": "4F037A2A-4B9A-4EBC-94E2-87502960FF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*",
"matchCriteriaId": "B15E99A3-989F-4EFD-BA26-DEC6992BD1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*",
"matchCriteriaId": "B85BF117-503B-435F-8667-481D9AC7A788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*",
"matchCriteriaId": "3AC2A038-F59B-4137-B02F-4C26E2EB9152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*",
"matchCriteriaId": "F605C78F-8BE4-4E02-A7FB-CA9D24AFE7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*",
"matchCriteriaId": "15557A07-E0E9-40DB-B013-0F4AD9556BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*",
"matchCriteriaId": "79082C84-9F25-4A63-86AF-18CC4ADF71CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*",
"matchCriteriaId": "A88678CE-DB64-4D66-8F2A-3C60058DC5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*",
"matchCriteriaId": "88009BAC-1ECF-4BA3-855F-96C8789E476E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*",
"matchCriteriaId": "E64F7B54-6B09-4B7E-B2AB-5EA73FD8E0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*",
"matchCriteriaId": "2B94DFD2-374C-47A9-9D54-3FDB63197FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*",
"matchCriteriaId": "9B0330D9-1276-4228-BA7E-B9E3B828E5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*",
"matchCriteriaId": "89736956-D05D-437B-BC7A-850AA459C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*",
"matchCriteriaId": "63B26424-7292-4F37-B86F-2A4E0AD32B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*",
"matchCriteriaId": "2D2629FB-0A83-43CC-8C83-444036D05F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*",
"matchCriteriaId": "4CFD99D1-CB43-437B-8E7D-6712DA5C9835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*",
"matchCriteriaId": "6FEBA58F-E5B4-4B91-B78F-620C6EB9D3BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*",
"matchCriteriaId": "F9F9D406-FE99-45C0-B1C0-4DEB5E843FE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*",
"matchCriteriaId": "F4B86974-C598-4E1A-9FF0-5AF9638C1AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*",
"matchCriteriaId": "C2838623-6F3F-417A-A644-FA226CCD8BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*",
"matchCriteriaId": "454EDD2A-E79A-4D46-B841-BE5EC12C63D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*",
"matchCriteriaId": "1557A740-D19D-4220-9B3E-395EFCB86F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*",
"matchCriteriaId": "9C7DB404-A5C7-4EDB-BCB2-079A41E31428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*",
"matchCriteriaId": "B738952C-DE7B-4C3D-85B9-ADBEDF007AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*",
"matchCriteriaId": "897D140C-20FF-454D-8928-B11FFC84C016",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*",
"matchCriteriaId": "18F93D7C-E8FC-4D4C-AEA0-C1187FB6D9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*",
"matchCriteriaId": "2E799367-7DC7-478D-948A-17D717507DC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*",
"matchCriteriaId": "74A5591E-75A4-4ACA-9C34-4907D645AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*",
"matchCriteriaId": "0C67D5FC-5965-4AC1-80A5-931BE60B5E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*",
"matchCriteriaId": "139E25D9-A4C8-4041-ADF7-4618DFEEE8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*",
"matchCriteriaId": "6A65F3F7-45D3-49EB-9784-1F13FA2CBB0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*",
"matchCriteriaId": "3795D2DE-622F-4C82-B133-0993A01AC1FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*",
"matchCriteriaId": "C0DB9896-BC25-46E3-AA6F-496A442BE525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*",
"matchCriteriaId": "CE56A949-74AC-4138-8AD3-31F5763860EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*",
"matchCriteriaId": "4A3DB867-FD46-46EB-AEF0-2B6E79371AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*",
"matchCriteriaId": "7881FBB4-AC09-4EB9-B02F-3EA19237E095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*",
"matchCriteriaId": "F391E432-98B8-4D97-8AD4-FB1A84FAF774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*",
"matchCriteriaId": "61D908B2-446E-48EC-9F6B-91E8BF0F6A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*",
"matchCriteriaId": "FD5F28B0-580E-4CD4-917A-496D35AD271A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*",
"matchCriteriaId": "F0FC96AA-F2F4-4C35-8BF7-6318A2F624A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*",
"matchCriteriaId": "6EA008F1-4E47-4753-8506-769B29AB5BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*",
"matchCriteriaId": "7ED68CDE-1096-4490-8E6B-78F4AC2BB729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*",
"matchCriteriaId": "34F8D9B7-3BD7-44C0-A292-162928729F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125606:*:*:*:*:*:*",
"matchCriteriaId": "ADFB3155-72F3-4DFA-BAE1-5725A40E6C8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*",
"matchCriteriaId": "7446678C-E2DB-4EA2-BC9B-430C8EC7804B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*",
"matchCriteriaId": "33C57314-5503-48BD-9ED2-D76517C9C0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*",
"matchCriteriaId": "AC201C68-2C1D-4E75-9443-C5F853A37AB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6628EB7-96F6-48E3-8018-8F569972B811",
"versionEndExcluding": "12.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127000:*:*:*:*:*:*",
"matchCriteriaId": "B64ADEEB-502D-4588-BD80-156124437AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127102:*:*:*:*:*:*",
"matchCriteriaId": "2306C5F3-5413-4240-BAB6-E55849063A72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127105:*:*:*:*:*:*",
"matchCriteriaId": "87F97A9E-2AB3-4121-B5A7-0AA25780D336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.7:build127132:*:*:*:*:*:*",
"matchCriteriaId": "AD049643-9546-4D39-BD26-79661205C110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AEEB49-1C45-4B88-81C1-A1425B7E99A2",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "E73FEA45-5AA3-4C49-91D3-E07A53E34515",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "8CA65161-0C0B-45E7-BBEA-FA214DBF964B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9097C0CA-001B-4604-BCDB-ED28AB292CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "C7F15A64-F15C-43E4-890A-7FEB0614C6DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "378A2C19-6176-4E95-AB9C-B60A1F1A1E87",
"versionEndExcluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7000:*:*:*:*:*:*",
"matchCriteriaId": "1E01D48C-A95F-421E-A6FA-D299D6BE02B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7001:*:*:*:*:*:*",
"matchCriteriaId": "727BD3A4-F0E1-4656-A640-B32406324707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7002:*:*:*:*:*:*",
"matchCriteriaId": "AC812003-B383-4E52-B9D3-90F4B0633C90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7003:*:*:*:*:*:*",
"matchCriteriaId": "E6BE678E-EC68-478F-A4E0-73E032C88167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:7.0:7004:*:*:*:*:*:*",
"matchCriteriaId": "A5E373E7-9BB3-480F-A685-BAA7A9CD1BC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE99DDEC-EA8D-4E15-A227-30B242611078",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "52843587-34AD-4992-8E68-25CD02E247A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "BC2FC98F-84FF-4C90-BD7C-20A4910BED44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9794CB33-4932-4AA6-AC8C-B9FB6AE233FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "3CC0A1C9-2F24-422A-8478-95BDCE1EBE77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.3:14304:*:*:*:*:*:*",
"matchCriteriaId": "4E541BD1-3BB8-4807-BDF8-45B0916416D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03",
"versionEndExcluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*",
"matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*",
"matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*",
"matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*",
"matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*",
"matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*",
"matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:*",
"matchCriteriaId": "18B78BDC-0EAA-4781-8D62-01E47AA3BF40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*",
"matchCriteriaId": "A9EE7E99-B428-41EF-A693-7A316F695160",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4707D700-23C4-4BBD-9683-4E6D59989127",
"versionEndExcluding": "14.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14300:*:*:*:*:*:*",
"matchCriteriaId": "39E8C9FE-3C1C-4E32-8BD4-14A88C49F587",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14301:*:*:*:*:*:*",
"matchCriteriaId": "13A9F940-083E-451E-A330-877D67F617BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14302:*:*:*:*:*:*",
"matchCriteriaId": "9FE925DF-55E6-4E7F-B5CD-F5ED097BBBC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.3:14303:*:*:*:*:*:*",
"matchCriteriaId": "0031CF5C-78FE-4CB0-97CE-087C10A77EB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93",
"versionEndExcluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B34AA8-294A-48A9-8579-44EB7EE192F3",
"versionEndExcluding": "12.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en varios productos ManageEngine que puede provocar la exposici\u00f3n de claves de cifrado. Un usuario de sistema operativo con pocos privilegios y acceso al host donde est\u00e1 instalado un producto ManageEngine afectado puede ver y utilizar la clave expuesta para descifrar las contrase\u00f1as de la base de datos del producto. Esto permite al usuario acceder a la base de datos del producto ManageEngine."
}
],
"id": "CVE-2023-6105",
"lastModified": "2025-02-13T18:16:03.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T21:15:08.490",
"references": [
{
"source": "vulnreport@tenable.com",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.manageengine.com/security/advisory/CVE/CVE-2023-6105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2023-35"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}