CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 9.1 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
CISA-ADP | ADP | 9.1 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score percentile: 30%
Vendor | Product | Version
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10600
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10601
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10602
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10603
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10604
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10605
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10606
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10607
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10608
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10609
zohocorp | manageengine_servicedesk_plus_msp | 10.6:10610
zohocorp | manageengine_servicedesk_plus_msp | 13.0:13000
zohocorp | manageengine_servicedesk_plus_msp | 13.0:13001
zohocorp | manageengine_servicedesk_plus_msp | 13.0:13002
zohocorp | manageengine_servicedesk_plus_msp | 13.0:13003
𝑥 = Vulnerable software versions