Known vulnerabilities in Zoho Corporation Zoho ManageEngine ServiceDesk Plus MSP

[]

Known vulnerabilities in Zoho Corporation Zoho ManageEngine ServiceDesk Plus MSP

Vendor: Zoho Corporation

Website: https://www.zohocorp.com/index.html

Total Security Bulletins: 16

Security bulletins (16)

Secuity bulletin	Severity	Status	Published
SB2025081958: Privilege escalation in ManageEngin ServiceDesk Plus and ServiceDesk Plus MSP	Medium	Patched	19.08.2025
SB2025072889: Authenticated file inclusion in ServiceDesk Plus MSP and SupportCenter Plus	Medium	Patched	28.07.2025
SB2025040723: Stored XSS in ManageEngine ServiceDesk and SupportCenter	Low	Patched	07.04.2025
SB2023081125: Multiple vulnerabilities in Zoho ManageEngine ServiceDesk Plus MSP	Medium	Patched	11.08.2023
SB2023072556: Multiple vulnerabilities in Zoho ManageEngine ServiceDesk Plus MSP	Medium	Patched	25.07.2023
SB2023072555: Security restrictions bypass in Zoho ManageEngine ServiceDesk Plus MSP	Medium	Patched	25.07.2023
SB2023061501: Multiple vulnerabilities in Zoho ManageEngine ServiceDesk Plus MSP	Low	Patched	15.06.2023
SB2023041104: Multiple vulnerabilities in ServiceDesk Plus MSP	Low	Patched	11.04.2023
SB2023022032: Multiple vulnerabilities in ServiceDesk Plus MSP	Medium	Patched	20.02.2023
SB2023022031: Multiple vulnerabilities in ServiceDesk Plus MSP	Medium	Patched	20.02.2023
SB2023012507: Authentication bypass in Zoho ManageEngine ServiceDesk Plus MSP	High	Patched	25.01.2023
SB2023011718: Remote code execution in multiple Zoho ManageEngine products	Critical	Patched Exploited	17.01.2023
SB2023011327: Authentication bypass in Zoho ManageEngine ServiceDesk Plus MSP	High	Patched	13.01.2023
SB2022120535: Multiple vulnerabilities in ManageEngine ServiceDesk Plus MSP and SupportCenter Plus	Medium	Patched	05.12.2022
SB2022112419: XXE in ServiceDesk Plus	Low	Patched	24.11.2022
SB2022112406: Command injection in Zoho ManageEngine ServiceDesk Plus MSP	Low	Patched	24.11.2022