VIR Vulnerability Intelligence Relay

CVE-2019-8394

unknown KEV
Published 2021-11-03 · Modified 2021-11-03
CVSS v3
CVSS v2
VIR risk
1.5

Description

Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.

CISA KEV

Vendor
Zoho
Product
ManageEngine
Due date
2022-05-03

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2019-8394

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.