CVE-2022-35403

Published: Jul 12, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

Affected (65)

Products: Zohocorp: Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus, Manageengine Assetexplorer

Zohocorp

4 products

Manageengine Servicedesk Plus

Manageengine Servicedesk Plus Msp

Manageengine Supportcenter Plus

Manageengine Assetexplorer

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Before 13.0
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13000
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13001
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13002
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13003
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13004
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13005
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13006
Zohocorp Manageengine Servicedesk Plus	Version 13.0 13007

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus Msp	Before 10.6
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10600
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10601
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10602
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10603
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10604
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10605

Configuration C

23 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Supportcenter Plus	Before 11.0
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11000
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11001
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11002
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11003
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11004
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11005
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11006
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11007
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11008
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11009
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11010
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11011
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11012
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11013
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11014
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11015
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11016
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11017
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11018
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11019
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11020
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11021

Configuration D

26 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Assetexplorer	Before 6.9
Zohocorp Manageengine Assetexplorer	Version 6.9 6900
Zohocorp Manageengine Assetexplorer	Version 6.9 6901
Zohocorp Manageengine Assetexplorer	Version 6.9 6902
Zohocorp Manageengine Assetexplorer	Version 6.9 6903
Zohocorp Manageengine Assetexplorer	Version 6.9 6904
Zohocorp Manageengine Assetexplorer	Version 6.9 6905
Zohocorp Manageengine Assetexplorer	Version 6.9 6906
Zohocorp Manageengine Assetexplorer	Version 6.9 6907
Zohocorp Manageengine Assetexplorer	Version 6.9 6908
Zohocorp Manageengine Assetexplorer	Version 6.9 6909
Zohocorp Manageengine Assetexplorer	Version 6.9 6950
Zohocorp Manageengine Assetexplorer	Version 6.9 6951
Zohocorp Manageengine Assetexplorer	Version 6.9 6952
Zohocorp Manageengine Assetexplorer	Version 6.9 6953
Zohocorp Manageengine Assetexplorer	Version 6.9 6954
Zohocorp Manageengine Assetexplorer	Version 6.9 6955
Zohocorp Manageengine Assetexplorer	Version 6.9 6956
Zohocorp Manageengine Assetexplorer	Version 6.9 6957
Zohocorp Manageengine Assetexplorer	Version 6.9 6970
Zohocorp Manageengine Assetexplorer	Version 6.9 6971
Zohocorp Manageengine Assetexplorer	Version 6.9 6972
Zohocorp Manageengine Assetexplorer	Version 6.9 6973
Zohocorp Manageengine Assetexplorer	Version 6.9 6974
Zohocorp Manageengine Assetexplorer	Version 6.9 6975
Zohocorp Manageengine Assetexplorer	Version 6.9 6976

References (2)

https://www.manageengine.com/products/service-desk/cve-2022-35403.html

Source: cve@mitre.org

PatchVendor Advisory

https://www.manageengine.com/products/service-desk/cve-2022-35403.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.