← Back

CVE-2023-22964

nvd nist
Published: Jan 20, 2023Modified: Apr 3, 2025

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.

Affected (15)

Zohocorp
1 product
Manageengine Servicedesk Plus Msp
Configuration A
15 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Servicedesk Plus Msp
Version 10.6 10600
Manageengine Servicedesk Plus Msp
Version 10.6 10601
Manageengine Servicedesk Plus Msp
Version 10.6 10602
Manageengine Servicedesk Plus Msp
Version 10.6 10603
Manageengine Servicedesk Plus Msp
Version 10.6 10604
Manageengine Servicedesk Plus Msp
Version 10.6 10605
Manageengine Servicedesk Plus Msp
Version 10.6 10606
Manageengine Servicedesk Plus Msp
Version 10.6 10607
Manageengine Servicedesk Plus Msp
Version 10.6 10608
Manageengine Servicedesk Plus Msp
Version 10.6 10609
Manageengine Servicedesk Plus Msp
Version 10.6 10610
Manageengine Servicedesk Plus Msp
Version 13.0 13000
Manageengine Servicedesk Plus Msp
Version 13.0 13001
Manageengine Servicedesk Plus Msp
Version 13.0 13002
Manageengine Servicedesk Plus Msp
Version 13.0 13003

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.