CVE-2025-3444

Medium CVSS: 6.5

Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.

Vendor

Zohocorp

Product

Manageengine Servicedesk Plus Msp

CWE

CWE-434

Yayın Tarihi

2025-05-22 11:15:52

Güncelleme

2025-06-17 20:18:53

Source Identifier

0fc0942c-577d-436f-ae8e-945763c79b02

KEV Date Added

Kategoriler

CWE-434 Manageengine Servicedesk Plus Msp MEDIUM Zohocorp 2025

Referanslar

https://www.manageengine.com/products/service-desk-msp/cve-2025-3444.html

Benzer Kayıtlar

High

CVE-2026-27655

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on M…

High

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count a…

High

CVE-2026-4108

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Perm…

High

CVE-2026-3879

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Deta…

High

CVE-2026-3880

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client P…

High

CVE-2026-28703

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Betwee…