CVE-2019-8395

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0830%

EPSS Percentile25.53th

Published2019年2月17日

Last Modified2024年11月21日

Vulnerability Description

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10007 via an attachment to a request.

Affected Platforms (CPE)

📦

Zohocorp

Manageengine Servicedesk Plus

< 10.0

References & Advisories

🔗 https://www.manageengine.com/products/service-desk/readme.html

相关漏洞威胁

CVE-2021-374159.8

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without aut...

CVE-2021-315319.8

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

CVE-2021-445269.8

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...