Vulnerability Description
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Servicedesk Plus | < 13.0 |
| Zohocorp | Manageengine Servicedesk Plus Msp | < 10.6 |
| Zohocorp | Manageengine Supportcenter Plus | < 11.0 |
| Zohocorp | Manageengine Assetexplorer | < 6.9 |
References
- https://www.manageengine.com/products/service-desk/cve-2022-35403.htmlPatchVendor Advisory
- https://www.manageengine.com/products/service-desk/cve-2022-35403.htmlPatchVendor Advisory
FAQ
What is CVE-2022-35403?
CVE-2022-35403 is a vulnerability with a CVSS score of 7.5 (HIGH). Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticke...
How severe is CVE-2022-35403?
CVE-2022-35403 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-35403?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Servicedesk Plus, Zohocorp Manageengine Servicedesk Plus Msp, Zohocorp Manageengine Supportcenter Plus, Zohocorp Manageengine Assetexplorer.