CVE-2020-14048
HIGHManageEngine ServiceDesk Plus < 11.1 build 11115 - Unauthenticated Agent Installation Status Manipulation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-14048. PoCs published by eLeN3Re.
AI-analyzed exploit summary The repository contains only a README with minimal details about CVE-2020-14048, an authentication bypass vulnerability in Zoho ManageEngine Service Desk Plus. No exploit code or technical analysis is provided.
Description
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.
Exploits (1)
gitlab
STUB
by eLeN3Re · poc
https://gitlab.com/eLeN3Re/CVE-2020-14048
The repository contains only a README with minimal details about CVE-2020-14048, an authentication bypass vulnerability in Zoho ManageEngine Service Desk Plus. No exploit code or technical analysis is provided.
Classification
Stub 90%
Attack Type
Auth Bypass
Complexity
Theoretical
Reliability
Theoretical
Target:
Zoho ManageEngine Service Desk Plus 11.1 Build 11114 and before
No auth needed
Prerequisites:
none specified
devstral-2 · analyzed Feb 23, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/service-desk/on-premises/readme.html
Third Party Advisory x_refsource_misc
https://gitlab.com/eLeN3Re/CVE-2020-14048
Scores
CVSS v3
7.5
EPSS
0.0485
EPSS Percentile
90.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-306
Status
published
Products (2)
zohocorp/manageengine_servicedesk_plus
8.2 (18 CPE variants)
zohocorp/manageengine_servicedesk_plus
9.0 (32 CPE variants)
Published
Jun 12, 2020
Tracked Since
Feb 18, 2026