Path Traversal Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP
CVE-2022-32551

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Servicedesk Plus Msp
Vendor: CVE Published:; 2 July 2022

What is CVE-2022-32551?

A vulnerability has been identified in Zoho ManageEngine ServiceDesk Plus MSP that allows attackers to exploit a path traversal issue, gaining unauthorized access to sensitive files such as WEB-INF/web.xml. This could potentially lead to the exposure of configuration settings and other critical information. It is crucial for users of the affected versions to apply the latest updates to mitigate this risk.

References

https://www.manageengine.com/products/service-desk-msp/CV...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2022
Vulnerability Reserved
Jun 8, 2022

Zohocorp

What is CVE-2022-32551?

References

CVSS V3.1

Timeline