CVE-2019-8395

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0830%

EPSS Percentile25.53th

PublishedFeb 17, 2019

Last ModifiedNov 21, 2024

Vulnerability Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

Affected Platforms (CPE)

📦

Zohocorp

Manageengine Servicedesk Plus

< 10.0

References & Advisories

🔗 https://www.manageengine.com/products/service-desk/readme.html

Related Vulnerabilities

CVE-2021-374159.8

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without aut...

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...