CVE-2020-35682 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Vendor	Product	Version
zohocorp	manageengine_servicedesk_plus	𝑥 < 11.1
zohocorp	manageengine_servicedesk_plus	11.1:11100
zohocorp	manageengine_servicedesk_plus	11.1:11101
zohocorp	manageengine_servicedesk_plus	11.1:11102
zohocorp	manageengine_servicedesk_plus	11.1:11103
zohocorp	manageengine_servicedesk_plus	11.1:11104
zohocorp	manageengine_servicedesk_plus	11.1:11105
zohocorp	manageengine_servicedesk_plus	11.1:11106
zohocorp	manageengine_servicedesk_plus	11.1:11107
zohocorp	manageengine_servicedesk_plus	11.1:11108
zohocorp	manageengine_servicedesk_plus	11.1:11109
zohocorp	manageengine_servicedesk_plus	11.1:11110
zohocorp	manageengine_servicedesk_plus	11.1:11111
zohocorp	manageengine_servicedesk_plus	11.1:11112
zohocorp	manageengine_servicedesk_plus	11.1:11113
zohocorp	manageengine_servicedesk_plus	11.1:11114
zohocorp	manageengine_servicedesk_plus	11.1:11115
zohocorp	manageengine_servicedesk_plus	11.1:11116
zohocorp	manageengine_servicedesk_plus	11.1:11117
zohocorp	manageengine_servicedesk_plus	11.1:11118
zohocorp	manageengine_servicedesk_plus	11.1:11119
zohocorp	manageengine_servicedesk_plus	11.1:11120
zohocorp	manageengine_servicedesk_plus	11.1:11121
zohocorp	manageengine_servicedesk_plus	11.1:11122
zohocorp	manageengine_servicedesk_plus	11.1:11123
zohocorp	manageengine_servicedesk_plus	11.1:11124
zohocorp	manageengine_servicedesk_plus	11.1:11125
zohocorp	manageengine_servicedesk_plus	11.1:11126
zohocorp	manageengine_servicedesk_plus	11.1:11127
zohocorp	manageengine_servicedesk_plus	11.1:11128
zohocorp	manageengine_servicedesk_plus	11.1:11129
zohocorp	manageengine_servicedesk_plus	11.1:11130
zohocorp	manageengine_servicedesk_plus	11.1:11131
zohocorp	manageengine_servicedesk_plus	11.1:11132
zohocorp	manageengine_servicedesk_plus	11.1:11133

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://www.manageengine.com/products/service-desk/on-premises/readme.html#11134