CVE-2024-27314 - Vulnerability Details

Zoho ManageEngine ServiceDesk Plus versions below 14730, ServiceDesk Plus MSP below 14720 and SupportCenter Plus below 14720 are vulnerable to stored XSS in the Custom Actions menu on the request details. This vulnerability can be exploited only by the SDAdmin role users.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zohocorp	Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus

Configuration 1 [-]

OR	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14700::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14710::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14720::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp::::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.7:14700::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.7:14710::::::
	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.7:14700::::::
	cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.7:14710::::::

No data.

References

Link	Providers
https://www.manageengine.com/products/service-desk/cve-2024-27314.html

History

Tue, 17 Jun 2025 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zohocorp Zohocorp manageengine Servicedesk Plus Zohocorp manageengine Servicedesk Plus Msp Zohocorp manageengine Supportcenter Plus
CPEs		cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:::::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14700:::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14710:::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.7:14720:::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:::::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.7:14700:::::: cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.7:14710:::::: cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:::::::: cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.7:14700:::::: cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.7:14710::::::
Vendors & Products		Zohocorp Zohocorp manageengine Servicedesk Plus Zohocorp manageengine Servicedesk Plus Msp Zohocorp manageengine Supportcenter Plus

MITRE

Status: PUBLISHED

Assigner: ManageEngine

Published: 2024-05-27T07:03:13.441Z

Updated: 2024-08-02T00:27:59.873Z

Reserved: 2024-02-23T06:13:18.187Z

Link: CVE-2024-27314

Vulnrichment

Updated: 2024-08-02T00:27:59.873Z

NVD

Status : Analyzed

Published: 2024-05-27T07:15:09.297

Modified: 2025-06-17T20:18:05.387

Link: CVE-2024-27314

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object