ZDI-22-1613
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
Nov 21, 2022 - 12:00 a.m.

ManageEngine ServiceDesk Plus MSP generateSQLReport Improper Input Validation Privilege Escalation Vulnerability

www.zerodayinitiative.com
manageengine servicedesk
msp
privilege escalation
improper validation
remote attackers
user-supplied data

EPSS: 0.001 (percentile: 40.0%)

This vulnerability allows remote attackers to escalate privileges on affected installations of ManageEngine ServiceDesk Plus MSP. Authentication is required to exploit this vulnerability. The specific flaw exists within the generateSQLReport function. The issue results from the lack of proper validation of user-supplied data. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.
