CNNVD-202508-2378 Information
CNNVD ID
CNNVD-202508-2378
Related CVE
- CNNVD Published: 2025-08-20
Description (Chinese)
ZOHO ManageEngine ServiceDesk Plus等都是美国卓豪(ZOHO)公司的产品。ZOHO ManageEngine ServiceDesk Plus是一套基于ITIL架构的IT服务管理软件。ZOHO ManageEngine AssetExplorer是一套资产管理软件。ZOHO ManageEngine SupportCenter Plus是一种基于 Web 的客户支持软件。 ZOHO多款产品存在安全漏洞,该漏洞源于权限管理不当。以下产品及版本受到影响:ManageEngine Asset Explorer 7710之前版本、ServiceDesk Plus 15110之前版本、ServiceDesk Plus MSP 14940之前版本和SupportCenter Plus 14940之前版本。
Description (English)
ZOHO ManageEngine ServiceDesk Plus and others are products of ZOHO. ZOHO ManageEngine ServiceDesk Plus is an IT service management software based on the ITIL architecture. ZOHO ManageEngine AssemblyExplorer is an asset management software. ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software. There is a safety gap in ZOHO ’ s multiple products, which stems from inadequate authority management. The following products and versions were affected: ManageEngine Assembly Explorer 7710, Service Desk Plus 15110, Service Desk Plus MSP 14940 and SupportCenter Plus 14940.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
卓豪
Published
2025-08-20
Last Modified
2026-02-24
References
https://www.manageengine.com/products/service-desk/cve-2025-8309.html https://nvd.nist.gov/vuln/detail/CVE-2025-8309
Patch
https://www.manageengine.com/products/service-desk/cve-2025-8309.html
Share on: