Vulnerability Description
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Servicedesk Plus Msp | < 10.6 |
| Zohocorp | Manageengine Supportcenter Plus | < 11.0 |
Related Weaknesses (CWE)
References
- https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html (Vendor Advisory)
- https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2022-40773?
CVE-2022-40773 is a vulnerability with a CVSS score of 8.8 (HIGH). Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList ex...
How severe is CVE-2022-40773?
CVE-2022-40773 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-40773?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Servicedesk Plus Msp, Zohocorp Manageengine Supportcenter Plus.