Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.

Published

2022-11-12T04:15:09.010

Last Modified

2025-05-01T14:15:28.210

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-20
Type: Secondary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zohocorp	manageengine_servicedesk_plus_msp	< 10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_servicedesk_plus_msp	10.6	Yes
Application	zohocorp	manageengine_supportcenter_plus	< 11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes
Application	zohocorp	manageengine_supportcenter_plus	11.0	Yes

References

https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html Vendor Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ Third Party Advisory, VDB Entry ([email protected])
https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)