CVE-2022-40771 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 31%

Vendor	Product	Version
zohocorp	manageengine_servicedesk_plus	𝑥 < 14.0
zohocorp	manageengine_servicedesk_plus	14.0
zohocorp	manageengine_servicedesk_plus	14.0:14000
zohocorp	manageengine_servicedesk_plus_msp	𝑥 < 13.0
zohocorp	manageengine_servicedesk_plus_msp	13.0
zohocorp	manageengine_servicedesk_plus_msp	13.0:13000
zohocorp	manageengine_supportcenter_plus	𝑥 < 11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0:11000
zohocorp	manageengine_supportcenter_plus	11.0:11001
zohocorp	manageengine_supportcenter_plus	11.0:11002
zohocorp	manageengine_supportcenter_plus	11.0:11003
zohocorp	manageengine_supportcenter_plus	11.0:11004
zohocorp	manageengine_supportcenter_plus	11.0:11005
zohocorp	manageengine_supportcenter_plus	11.0:11006
zohocorp	manageengine_supportcenter_plus	11.0:11007
zohocorp	manageengine_supportcenter_plus	11.0:11008
zohocorp	manageengine_supportcenter_plus	11.0:11009
zohocorp	manageengine_supportcenter_plus	11.0:11010
zohocorp	manageengine_supportcenter_plus	11.0:11011
zohocorp	manageengine_supportcenter_plus	11.0:11012
zohocorp	manageengine_supportcenter_plus	11.0:11013
zohocorp	manageengine_supportcenter_plus	11.0:11014
zohocorp	manageengine_supportcenter_plus	11.0:11015
zohocorp	manageengine_supportcenter_plus	11.0:11016
zohocorp	manageengine_supportcenter_plus	11.0:11017
zohocorp	manageengine_supportcenter_plus	11.0:11018
zohocorp	manageengine_supportcenter_plus	11.0:11019
zohocorp	manageengine_supportcenter_plus	11.0:11020
zohocorp	manageengine_supportcenter_plus	11.0:11021
zohocorp	manageengine_supportcenter_plus	11.0:11022
zohocorp	manageengine_supportcenter_plus	11.0:11024
zohocorp	manageengine_supportcenter_plus	11.0:11025
zohocorp	manageengine_assetexplorer	𝑥 < 6.9
zohocorp	manageengine_assetexplorer	6.9
zohocorp	manageengine_assetexplorer	6.9:6900
zohocorp	manageengine_assetexplorer	6.9:6901
zohocorp	manageengine_assetexplorer	6.9:6902
zohocorp	manageengine_assetexplorer	6.9:6903
zohocorp	manageengine_assetexplorer	6.9:6904
zohocorp	manageengine_assetexplorer	6.9:6905
zohocorp	manageengine_assetexplorer	6.9:6906
zohocorp	manageengine_assetexplorer	6.9:6907
zohocorp	manageengine_assetexplorer	6.9:6908
zohocorp	manageengine_assetexplorer	6.9:6909
zohocorp	manageengine_assetexplorer	6.9:6950
zohocorp	manageengine_assetexplorer	6.9:6951
zohocorp	manageengine_assetexplorer	6.9:6952
zohocorp	manageengine_assetexplorer	6.9:6953
zohocorp	manageengine_assetexplorer	6.9:6954
zohocorp	manageengine_assetexplorer	6.9:6955
zohocorp	manageengine_assetexplorer	6.9:6956
zohocorp	manageengine_assetexplorer	6.9:6957
zohocorp	manageengine_assetexplorer	6.9:6970
zohocorp	manageengine_assetexplorer	6.9:6971
zohocorp	manageengine_assetexplorer	6.9:6972
zohocorp	manageengine_assetexplorer	6.9:6973
zohocorp	manageengine_assetexplorer	6.9:6974
zohocorp	manageengine_assetexplorer	6.9:6975
zohocorp	manageengine_assetexplorer	6.9:6976
zohocorp	manageengine_assetexplorer	6.9:6977
zohocorp	manageengine_assetexplorer	6.9:6978
zohocorp	manageengine_assetexplorer	6.9:6979
zohocorp	manageengine_assetexplorer	6.9:6980

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-2022-40771.html

https://manageengine.com

https://www.manageengine.com/products/service-desk/CVE-2022-40771.html