Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_servicedesk_plus_msp | Zohocorp | * | 10.5 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10500 (including) | 10.5-10500 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10501 (including) | 10.5-10501 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10502 (including) | 10.5-10502 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10503 (including) | 10.5-10503 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10504 (including) | 10.5-10504 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10505 (including) | 10.5-10505 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10506 (including) | 10.5-10506 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10507 (including) | 10.5-10507 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10508 (including) | 10.5-10508 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10509 (including) | 10.5-10509 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10510 (including) | 10.5-10510 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10511 (including) | 10.5-10511 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10512 (including) | 10.5-10512 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10513 (including) | 10.5-10513 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10514 (including) | 10.5-10514 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10515 (including) | 10.5-10515 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10516 (including) | 10.5-10516 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10517 (including) | 10.5-10517 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10518 (including) | 10.5-10518 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10519 (including) | 10.5-10519 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10520 (including) | 10.5-10520 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10521 (including) | 10.5-10521 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10522 (including) | 10.5-10522 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10523 (including) | 10.5-10523 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10524 (including) | 10.5-10524 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10525 (including) | 10.5-10525 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10526 (including) | 10.5-10526 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10527 (including) | 10.5-10527 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10528 (including) | 10.5-10528 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10529 (including) | 10.5-10529 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10530 (including) | 10.5-10530 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10531 (including) | 10.5-10531 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10532 (including) | 10.5-10532 (including) |
| Manageengine_servicedesk_plus_msp | Zohocorp | 10.5-10533 (including) | 10.5-10533 (including) |