Validation Bypass in ManageEngine ServiceDesk Plus Affecting Zoho Products
CVE-2022-40772

6.5 MEDIUM

Key Information:

Vendor: Zohocorp

CVE Published: 23 November 2022

What is CVE-2022-40772?

Zoho's ManageEngine ServiceDesk Plus versions 13010 and earlier are affected by a validation bypass vulnerability. This flaw permits unauthorized users to gain access to sensitive information through the report module, potentially leading to data exposure. Organizations utilizing these versions should promptly assess their systems for this issue to mitigate risks and protect sensitive data.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
