Vulnerability Description
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | ManageEngine ServiceDesk Plus | < 14.0 |
| Zohocorp | ManageEngine ServiceDesk Plus MSP | < 10.6 |
| Zohocorp | ManageEngine SupportCenter Plus | < 11.0 |
| Zohocorp | ManageEngine AssetExplorer | < 6.9 |
References
- https://manageengine.com (Vendor Advisory)
- https://www.manageengine.com/products/service-desk/CVE-2022-40772.html (Patch, Vendor Advisory)
FAQ
What is CVE-2022-40772?
CVE-2022-40772 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
How severe is CVE-2022-40772?
CVE-2022-40772 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-40772?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp ManageEngine ServiceDesk Plus, Zohocorp ManageEngine ServiceDesk Plus MSP, Zohocorp ManageEngine SupportCenter Plus, Zohocorp ManageEngine AssetExplorer.