Lucene search
MitreCVE-2022-40771HistoryNov 23, 2022 - 6:15 p.m.
CVE-2022-40771
2022-11-2318:15:12
CWE-611
mitre
web.nvd.nist.gov
36
2
zoho
manageengine
servicedesk plus
cve-2022-40771
vulnerability
xml external entity attack
information disclosure
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
38.5%
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Affected configurations
Node
zohocorpmanageengine_servicedesk_plusRange<14.0
ORzohocorpmanageengine_servicedesk_plusMatch14.0-
ORzohocorpmanageengine_servicedesk_plusMatch14.014000
Node
zohocorpmanageengine_servicedesk_plus_mspRange<13.0
ORzohocorpmanageengine_servicedesk_plus_mspMatch13.0-
ORzohocorpmanageengine_servicedesk_plus_mspMatch13.013000
Node
zohocorpmanageengine_supportcenter_plusRange<11.0
ORzohocorpmanageengine_supportcenter_plusMatch11.0-
ORzohocorpmanageengine_supportcenter_plusMatch11.011000
ORzohocorpmanageengine_supportcenter_plusMatch11.011001
ORzohocorpmanageengine_supportcenter_plusMatch11.011002
ORzohocorpmanageengine_supportcenter_plusMatch11.011003
ORzohocorpmanageengine_supportcenter_plusMatch11.011004
ORzohocorpmanageengine_supportcenter_plusMatch11.011005
ORzohocorpmanageengine_supportcenter_plusMatch11.011006
ORzohocorpmanageengine_supportcenter_plusMatch11.011007
ORzohocorpmanageengine_supportcenter_plusMatch11.011008
ORzohocorpmanageengine_supportcenter_plusMatch11.011009
ORzohocorpmanageengine_supportcenter_plusMatch11.011010
ORzohocorpmanageengine_supportcenter_plusMatch11.011011
ORzohocorpmanageengine_supportcenter_plusMatch11.011012
ORzohocorpmanageengine_supportcenter_plusMatch11.011013
ORzohocorpmanageengine_supportcenter_plusMatch11.011014
ORzohocorpmanageengine_supportcenter_plusMatch11.011015
ORzohocorpmanageengine_supportcenter_plusMatch11.011016
ORzohocorpmanageengine_supportcenter_plusMatch11.011017
ORzohocorpmanageengine_supportcenter_plusMatch11.011018
ORzohocorpmanageengine_supportcenter_plusMatch11.011019
ORzohocorpmanageengine_supportcenter_plusMatch11.011020
ORzohocorpmanageengine_supportcenter_plusMatch11.011021
ORzohocorpmanageengine_supportcenter_plusMatch11.011022
ORzohocorpmanageengine_supportcenter_plusMatch11.011024
ORzohocorpmanageengine_supportcenter_plusMatch11.011025
Node
zohocorpmanageengine_assetexplorerRange<6.9
ORzohocorpmanageengine_assetexplorerMatch6.9-
ORzohocorpmanageengine_assetexplorerMatch6.96900
ORzohocorpmanageengine_assetexplorerMatch6.96901
ORzohocorpmanageengine_assetexplorerMatch6.96902
ORzohocorpmanageengine_assetexplorerMatch6.96903
ORzohocorpmanageengine_assetexplorerMatch6.96904
ORzohocorpmanageengine_assetexplorerMatch6.96905
ORzohocorpmanageengine_assetexplorerMatch6.96906
ORzohocorpmanageengine_assetexplorerMatch6.96907
ORzohocorpmanageengine_assetexplorerMatch6.96908
ORzohocorpmanageengine_assetexplorerMatch6.96909
ORzohocorpmanageengine_assetexplorerMatch6.96950
ORzohocorpmanageengine_assetexplorerMatch6.96951
ORzohocorpmanageengine_assetexplorerMatch6.96952
ORzohocorpmanageengine_assetexplorerMatch6.96953
ORzohocorpmanageengine_assetexplorerMatch6.96954
ORzohocorpmanageengine_assetexplorerMatch6.96955
ORzohocorpmanageengine_assetexplorerMatch6.96956
ORzohocorpmanageengine_assetexplorerMatch6.96957
ORzohocorpmanageengine_assetexplorerMatch6.96970
ORzohocorpmanageengine_assetexplorerMatch6.96971
ORzohocorpmanageengine_assetexplorerMatch6.96972
ORzohocorpmanageengine_assetexplorerMatch6.96973
ORzohocorpmanageengine_assetexplorerMatch6.96974
ORzohocorpmanageengine_assetexplorerMatch6.96975
ORzohocorpmanageengine_assetexplorerMatch6.96976
ORzohocorpmanageengine_assetexplorerMatch6.96977
ORzohocorpmanageengine_assetexplorerMatch6.96978
ORzohocorpmanageengine_assetexplorerMatch6.96979
ORzohocorpmanageengine_assetexplorerMatch6.96980
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_servicedesk_plus | * | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 14.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus | 14.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus_msp | * | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus_msp | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:* |
| zohocorp | manageengine_servicedesk_plus_msp | 13.0 | cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | * | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:* |
| zohocorp | manageengine_supportcenter_plus | 11.0 | cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:* |
Social References
More
Related
nvd
nvd
CVE-2022-40771
2022-11-23 18:15:12
nessus
nessus
ManageEngine AssetExplorer 6.9 Build 6980 XXE
2022-12-02 00:00:00
ManageEngine ServiceDesk Plus MSP < 13.0 Build 13001 XXE
2022-12-02 00:00:00
ManageEngine SupportCenter Plus < 11.0 Build 11026 Multiple Vulnerabilities
2022-12-02 00:00:00
cvelist
cvelist
CVE-2022-40771
2022-11-23 00:00:00
zdi
zdi
prion
prion
Xxe
2022-11-23 18:15:00
CVSS3
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
5
Confidence
High
EPSS
0.001
Percentile
38.5%
Related for CVE-2022-40771