Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ServiceDesk Plus

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-8309
Assigner-Zohocorp
ShareView Details
Assigner-Zohocorp
CVSS Score-8.1||HIGH
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 16:53
Updated-22 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User privilege escalation vulnerability

There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)
Product-ServiceDesk PlusAsset ExplorerSupportCenter PlusServiceDesk Plus MSP
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-50053
Assigner-ManageEngine
ShareView Details
Assigner-ManageEngine
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.43%
||
7 Day CHG~0.00%
Published-21 Mar, 2025 | 06:01
Updated-05 May, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS

Zohocorp ManageEngine ServiceDesk Plus versions below 14920 , ServiceDesk Plus MSP and SupportCentre Plus versions below 14910 are vulnerable to Stored XSS in the task feature.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_supportcentre_plusmanageengine_servicedesk_plus_mspmanageengine_servicedesk_plusServiceDesk PlusServiceDesk Plus MSPSupportCentre Plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41150
Assigner-ManageEngine
ShareView Details
Assigner-ManageEngine
CVSS Score-6.3||MEDIUM
EPSS-0.64% / 69.68%
||
7 Day CHG~0.00%
Published-23 Aug, 2024 | 14:08
Updated-27 Aug, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS

An Stored Cross-site Scripting vulnerability in request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus.This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.

Action-Not Available
Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusmanageengine_supportcenter_plusmanageengine_servicedesk_plus_mspSupportCenter PlusServiceDesk Plus MSPServiceDesk Plus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')