PT-2024-29295 · Zoho · ManageEngine ServiceDesk Plus
Muhammed Mekkawy · Published 2024-08-23 · Updated 2024-08-27 · CVE-2024-41150
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ManageEngine ServiceDesk Plus versions through 14810
ManageEngine ServiceDesk Plus MSP versions through 14800
ManageEngine SupportCenter Plus versions through 14800
Description
A stored cross-site scripting (XSS) vulnerability in the request module affects ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus. This issue allows for potential exploitation.
Recommendations
For ManageEngine ServiceDesk Plus versions through 14810, update to version 14820 to resolve the issue.
For ManageEngine ServiceDesk Plus MSP versions through 14800, keep the software updated to protect against vulnerabilities; the specific fixed version is not provided.
For ManageEngine SupportCenter Plus versions through 14800, consider temporarily disabling the request module until a patch is available, as the specific fixed version is not provided.
At the moment, there is no information about a newer version that contains a fix for ManageEngine ServiceDesk Plus MSP and SupportCenter Plus.
Fix
XSS
Affected Products
ManageEngine ServiceDesk Plus
ManageEngine SupportCenter Plus