Servicedesk plus
This hub aggregates every CVE we track for Servicedesk plus, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
0
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM5HIGH2
Monthly trend
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 7 most recently published vulnerabilities affecting Servicedesk plus.
- CVE-2024-50053Stored XSS6.3
- CVE-2019-10008Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when th...8.8
- CVE-2016-4890ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a ...5.3
- CVE-2016-4888Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.5.4
- CVE-2016-4889ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.8.8
- CVE-2015-1480ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a di...4.0
- CVE-2015-1479SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands vi...6.5
Product normalization is registry-driven with AI assist and human review. How it works