Manageengine servicedesk plus
This hub aggregates every CVE we track for Manageengine servicedesk plus, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
51
CVEs tracked
5
Critical
13
High
4
In CISA KEV
Severity distribution
MEDIUM32HIGH13CRITICAL5LOW1
Monthly trend
0
2
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Manageengine servicedesk plus.
- CVE-2024-50053Stored XSS6.3
- CVE-2024-41150Stored XSS6.3
- CVE-2024-38869Incorrect Authorization8.3
- CVE-2024-27314Stored XSS Vulnerability2.4
- CVE-2023-6105ManageEngine Information Disclosure in Multiple Products5.5
- CVE-2023-35785Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plu...8.1
- CVE-2023-34197Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows u...5.4
- CVE-2023-29443Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via...4.9
- CVE-2023-26600ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.6.5
- CVE-2023-26601Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).7.5
- CVE-2023-23073Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.6.1
- CVE-2023-23078Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.6.1
- CVE-2023-23077Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.6.1
- CVE-2023-23074Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.6.1
- CVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because ...KEV9.8
Product normalization is registry-driven with AI assist and human review. How it works