CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
zohocorpmanageengine_servicedesk_plus_msp
𝑥
< 10.6
zohocorpmanageengine_servicedesk_plus_msp
10.6
zohocorpmanageengine_servicedesk_plus_msp
10.6:10600
zohocorpmanageengine_servicedesk_plus_msp
10.6:10601
zohocorpmanageengine_servicedesk_plus_msp
10.6:10602
zohocorpmanageengine_servicedesk_plus_msp
10.6:10603
zohocorpmanageengine_servicedesk_plus_msp
10.6:10604
zohocorpmanageengine_servicedesk_plus_msp
10.6:10605
zohocorpmanageengine_servicedesk_plus_msp
10.6:10606
zohocorpmanageengine_servicedesk_plus_msp
10.6:10607
zohocorpmanageengine_servicedesk_plus_msp
10.6:10608
zohocorpmanageengine_supportcenter_plus
𝑥
< 11.0
zohocorpmanageengine_supportcenter_plus
11.0
zohocorpmanageengine_supportcenter_plus
11.0:11000
zohocorpmanageengine_supportcenter_plus
11.0:11001
zohocorpmanageengine_supportcenter_plus
11.0:11002
zohocorpmanageengine_supportcenter_plus
11.0:11003
zohocorpmanageengine_supportcenter_plus
11.0:11004
zohocorpmanageengine_supportcenter_plus
11.0:11005
zohocorpmanageengine_supportcenter_plus
11.0:11006
zohocorpmanageengine_supportcenter_plus
11.0:11007
zohocorpmanageengine_supportcenter_plus
11.0:11008
zohocorpmanageengine_supportcenter_plus
11.0:11009
zohocorpmanageengine_supportcenter_plus
11.0:11010
zohocorpmanageengine_supportcenter_plus
11.0:11011
zohocorpmanageengine_supportcenter_plus
11.0:11012
zohocorpmanageengine_supportcenter_plus
11.0:11013
zohocorpmanageengine_supportcenter_plus
11.0:11014
zohocorpmanageengine_supportcenter_plus
11.0:11015
zohocorpmanageengine_supportcenter_plus
11.0:11016
zohocorpmanageengine_supportcenter_plus
11.0:11017
zohocorpmanageengine_supportcenter_plus
11.0:11018
zohocorpmanageengine_supportcenter_plus
11.0:11019
zohocorpmanageengine_supportcenter_plus
11.0:11020
zohocorpmanageengine_supportcenter_plus
11.0:11021
zohocorpmanageengine_supportcenter_plus
11.0:11022
zohocorpmanageengine_supportcenter_plus
11.0:11024
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/
https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/