Muhammed Mekkawy

**Name of the Vulnerable Software and Affected Versions** ManageEngine Analytics Plus versions prior to 6130 Zoho Analytics versions prior to 6130 **Description** The issue is related to an AD only account takeover due to a hardcoded sensitive token. This allows for unauthorized access. The estimated number of potentially affected devices is not provided. **Recommendations** For ManageEngine Analytics Plus versions prior to 6130, update to version 6130 or later. For Zoho Analytics versions prior to 6130, update to version 6130 or later. As a temporary workaround, consider restricting access to sensitive areas of the application until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ManageEngine ServiceDesk Plus versions through 14810 ManageEngine ServiceDesk Plus MSP versions through 14800 ManageEngine SupportCenter Plus versions through 14800 **Description** A Stored Cross-site Scripting vulnerability in the request module affects ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus. This issue allows for potential exploitation. **Recommendations** For ManageEngine ServiceDesk Plus versions through 14810, update to version 14820 to resolve the issue. For ManageEngine ServiceDesk Plus MSP versions through 14800, ensure your software is updated to protect against vulnerabilities, but the specific fixed version is not provided. For ManageEngine SupportCenter Plus versions through 14800, consider temporarily disabling the request module until a patch is available, as the specific fixed version is not provided. At the moment, there is no information about a newer version that contains a fix for ManageEngine ServiceDesk Plus MSP and SupportCenter Plus.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104 Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions from 128151 before 128238 Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions from 128247 before 128250 **Description** The issue is related to a Stored XSS vulnerability in the reports module. **Recommendations** For versions before 128104, update to a version after 128104 to resolve the issue. For versions from 128151 before 128238, update to a version after 128238 to resolve the issue. For versions from 128247 before 128250, update to a version after 128250 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ITOM products versions from 128234 to 128248 **Description** The issue is related to a stored cross-site scripting vulnerability in the proxy server option. **Recommendations** For versions from 128234 to 128248, update to a version that fixes the stored cross-site scripting vulnerability in the proxy server option.