Paulo Monteiro

**Name of the Vulnerable Software and Affected Versions** ManageEngine ServiceDesk Plus versions prior to 9312 **Description** The issue concerns an XML injection at the add Configuration items CMDB API. **Recommendations** For versions prior to 9312, update to version 9312 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ManageEngine ServiceDesk Plus versions prior to 9314 **Description** The issue is related to a local file inclusion vulnerability. This vulnerability is located in the `defModule` parameter within the `DefaultConfigDef.do` and `AssetDefaultConfigDef.do` files. **Recommendations** For versions prior to 9314, update to version 9314 or later to resolve the issue. As a temporary workaround, consider restricting access to the `defModule` parameter in the affected files until a patch is applied.