← Back

CVE-2022-40771

nvd nist
Published: Nov 23, 2022Modified: Apr 28, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

Affected (64)

Zohocorp
4 products
Manageengine Servicedesk Plus
Manageengine Servicedesk Plus Msp
Manageengine Supportcenter Plus
Manageengine Assetexplorer
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus
Before 14.0
Manageengine Servicedesk Plus
Version 14.0
Manageengine Servicedesk Plus
Version 14.0 14000
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus Msp
Before 13.0
Manageengine Servicedesk Plus Msp
Version 13.0
Manageengine Servicedesk Plus Msp
Version 13.0 13000
Configuration C
27 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Supportcenter Plus
Before 11.0
Manageengine Supportcenter Plus
Version 11.0
Manageengine Supportcenter Plus
Version 11.0 11000
Manageengine Supportcenter Plus
Version 11.0 11001
Manageengine Supportcenter Plus
Version 11.0 11002
Manageengine Supportcenter Plus
Version 11.0 11003
Manageengine Supportcenter Plus
Version 11.0 11004
Manageengine Supportcenter Plus
Version 11.0 11005
Manageengine Supportcenter Plus
Version 11.0 11006
Manageengine Supportcenter Plus
Version 11.0 11007
Manageengine Supportcenter Plus
Version 11.0 11008
Manageengine Supportcenter Plus
Version 11.0 11009
Manageengine Supportcenter Plus
Version 11.0 11010
Manageengine Supportcenter Plus
Version 11.0 11011
Manageengine Supportcenter Plus
Version 11.0 11012
Manageengine Supportcenter Plus
Version 11.0 11013
Manageengine Supportcenter Plus
Version 11.0 11014
Manageengine Supportcenter Plus
Version 11.0 11015
Manageengine Supportcenter Plus
Version 11.0 11016
Manageengine Supportcenter Plus
Version 11.0 11017
Manageengine Supportcenter Plus
Version 11.0 11018
Manageengine Supportcenter Plus
Version 11.0 11019
Manageengine Supportcenter Plus
Version 11.0 11020
Manageengine Supportcenter Plus
Version 11.0 11021
Manageengine Supportcenter Plus
Version 11.0 11022
Manageengine Supportcenter Plus
Version 11.0 11024
Manageengine Supportcenter Plus
Version 11.0 11025
Configuration D
31 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Assetexplorer
Before 6.9
Manageengine Assetexplorer
Version 6.9
Manageengine Assetexplorer
Version 6.9 6900
Manageengine Assetexplorer
Version 6.9 6901
Manageengine Assetexplorer
Version 6.9 6902
Manageengine Assetexplorer
Version 6.9 6903
Manageengine Assetexplorer
Version 6.9 6904
Manageengine Assetexplorer
Version 6.9 6905
Manageengine Assetexplorer
Version 6.9 6906
Manageengine Assetexplorer
Version 6.9 6907
Manageengine Assetexplorer
Version 6.9 6908
Manageengine Assetexplorer
Version 6.9 6909
Manageengine Assetexplorer
Version 6.9 6950
Manageengine Assetexplorer
Version 6.9 6951
Manageengine Assetexplorer
Version 6.9 6952
Manageengine Assetexplorer
Version 6.9 6953
Manageengine Assetexplorer
Version 6.9 6954
Manageengine Assetexplorer
Version 6.9 6955
Manageengine Assetexplorer
Version 6.9 6956
Manageengine Assetexplorer
Version 6.9 6957
Manageengine Assetexplorer
Version 6.9 6970
Manageengine Assetexplorer
Version 6.9 6971
Manageengine Assetexplorer
Version 6.9 6972
Manageengine Assetexplorer
Version 6.9 6973
Manageengine Assetexplorer
Version 6.9 6974
Manageengine Assetexplorer
Version 6.9 6975
Manageengine Assetexplorer
Version 6.9 6976
Manageengine Assetexplorer
Version 6.9 6977
Manageengine Assetexplorer
Version 6.9 6978
Manageengine Assetexplorer
Version 6.9 6979
Manageengine Assetexplorer
Version 6.9 6980

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.