CVE-2022-40772

Published: Nov 23, 2022Modified: Apr 28, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

Affected (71)

Products: Zohocorp: Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus, Manageengine Assetexplorer

Zohocorp

4 products

Manageengine Servicedesk Plus

Manageengine Servicedesk Plus Msp

Manageengine Supportcenter Plus

Manageengine Assetexplorer

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Before 14.0
Zohocorp Manageengine Servicedesk Plus	Version 14.0
Zohocorp Manageengine Servicedesk Plus	Version 14.0 14000

Configuration B

11 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus Msp	Before 10.6
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10600
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10601
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10602
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10603
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10604
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10605
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10606
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10607
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.6 10608

Configuration C

26 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Supportcenter Plus	Before 11.0
Zohocorp Manageengine Supportcenter Plus	Version 11.0
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11000
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11001
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11002
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11003
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11004
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11005
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11006
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11007
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11008
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11009
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11010
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11011
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11012
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11013
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11014
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11015
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11016
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11017
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11018
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11019
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11020
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11021
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11022
Zohocorp Manageengine Supportcenter Plus	Version 11.0 11024

Configuration D

31 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Assetexplorer	Before 6.9
Zohocorp Manageengine Assetexplorer	Version 6.9
Zohocorp Manageengine Assetexplorer	Version 6.9 6900
Zohocorp Manageengine Assetexplorer	Version 6.9 6901
Zohocorp Manageengine Assetexplorer	Version 6.9 6902
Zohocorp Manageengine Assetexplorer	Version 6.9 6903
Zohocorp Manageengine Assetexplorer	Version 6.9 6904
Zohocorp Manageengine Assetexplorer	Version 6.9 6905
Zohocorp Manageengine Assetexplorer	Version 6.9 6906
Zohocorp Manageengine Assetexplorer	Version 6.9 6907
Zohocorp Manageengine Assetexplorer	Version 6.9 6908
Zohocorp Manageengine Assetexplorer	Version 6.9 6909
Zohocorp Manageengine Assetexplorer	Version 6.9 6950
Zohocorp Manageengine Assetexplorer	Version 6.9 6951
Zohocorp Manageengine Assetexplorer	Version 6.9 6952
Zohocorp Manageengine Assetexplorer	Version 6.9 6953
Zohocorp Manageengine Assetexplorer	Version 6.9 6954
Zohocorp Manageengine Assetexplorer	Version 6.9 6955
Zohocorp Manageengine Assetexplorer	Version 6.9 6956
Zohocorp Manageengine Assetexplorer	Version 6.9 6957
Zohocorp Manageengine Assetexplorer	Version 6.9 6970
Zohocorp Manageengine Assetexplorer	Version 6.9 6971
Zohocorp Manageengine Assetexplorer	Version 6.9 6972
Zohocorp Manageengine Assetexplorer	Version 6.9 6973
Zohocorp Manageengine Assetexplorer	Version 6.9 6974
Zohocorp Manageengine Assetexplorer	Version 6.9 6975
Zohocorp Manageengine Assetexplorer	Version 6.9 6976
Zohocorp Manageengine Assetexplorer	Version 6.9 6977
Zohocorp Manageengine Assetexplorer	Version 6.9 6978
Zohocorp Manageengine Assetexplorer	Version 6.9 6979
Zohocorp Manageengine Assetexplorer	Version 6.9 6980

References (4)

https://manageengine.com

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/products/service-desk/CVE-2022-40772.html

Source: cve@mitre.org

PatchVendor Advisory

https://manageengine.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.manageengine.com/products/service-desk/CVE-2022-40772.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.