← Back

CVE-2022-40770

nvd nist
Published: Nov 23, 2022Modified: Apr 28, 2025

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

Affected (51)

Zohocorp
3 products
Manageengine Servicedesk Plus
Manageengine Servicedesk Plus Msp
Manageengine Supportcenter Plus
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus
Before 13.0
Manageengine Servicedesk Plus
Version 13.0 13000
Manageengine Servicedesk Plus
Version 13.0 13001
Manageengine Servicedesk Plus
Version 13.0 13002
Manageengine Servicedesk Plus
Version 13.0 13003
Manageengine Servicedesk Plus
Version 13.0 13004
Manageengine Servicedesk Plus
Version 13.0 13005
Manageengine Servicedesk Plus
Version 13.0 13006
Manageengine Servicedesk Plus
Version 13.0 13007
Manageengine Servicedesk Plus
Version 13.0 13008
Manageengine Servicedesk Plus
Version 13.0 13009
Manageengine Servicedesk Plus
Version 13.0 13010
Configuration B
13 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus Msp
Before 10.6
Manageengine Servicedesk Plus Msp
Version 10.6
Manageengine Servicedesk Plus Msp
Version 10.6 10600
Manageengine Servicedesk Plus Msp
Version 10.6 10601
Manageengine Servicedesk Plus Msp
Version 10.6 10602
Manageengine Servicedesk Plus Msp
Version 10.6 10603
Manageengine Servicedesk Plus Msp
Version 10.6 10604
Manageengine Servicedesk Plus Msp
Version 10.6 10605
Manageengine Servicedesk Plus Msp
Version 10.6 10606
Manageengine Servicedesk Plus Msp
Version 10.6 10607
Manageengine Servicedesk Plus Msp
Version 10.6 10608
Manageengine Servicedesk Plus Msp
Version 10.6 10609
Manageengine Servicedesk Plus Msp
Version 10.6 10610
Configuration C
26 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Supportcenter Plus
Before 11.0
Manageengine Supportcenter Plus
Version 11.0 11000
Manageengine Supportcenter Plus
Version 11.0 11001
Manageengine Supportcenter Plus
Version 11.0 11002
Manageengine Supportcenter Plus
Version 11.0 11003
Manageengine Supportcenter Plus
Version 11.0 11004
Manageengine Supportcenter Plus
Version 11.0 11005
Manageengine Supportcenter Plus
Version 11.0 11006
Manageengine Supportcenter Plus
Version 11.0 11007
Manageengine Supportcenter Plus
Version 11.0 11008
Manageengine Supportcenter Plus
Version 11.0 11009
Manageengine Supportcenter Plus
Version 11.0 11010
Manageengine Supportcenter Plus
Version 11.0 11011
Manageengine Supportcenter Plus
Version 11.0 11012
Manageengine Supportcenter Plus
Version 11.0 11013
Manageengine Supportcenter Plus
Version 11.0 11014
Manageengine Supportcenter Plus
Version 11.0 11015
Manageengine Supportcenter Plus
Version 11.0 11016
Manageengine Supportcenter Plus
Version 11.0 11017
Manageengine Supportcenter Plus
Version 11.0 11018
Manageengine Supportcenter Plus
Version 11.0 11019
Manageengine Supportcenter Plus
Version 11.0 11020
Manageengine Supportcenter Plus
Version 11.0 11021
Manageengine Supportcenter Plus
Version 11.0 11022
Manageengine Supportcenter Plus
Version 11.0 11024
Manageengine Supportcenter Plus
Version 11.0 11025

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.