Esther

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 **Description** The issue concerns an authenticated Local File Inclusion (LFI) in the Admin module of the software, specifically where help card content is loaded. **Recommendations** For versions below 14920, update to version 14920 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin module until a patch is available. Avoid using the vulnerable functionality in the Admin module where help card content is loaded until the issue is resolved.