exploitDog

CVE-2022-36412

Опубликовано: 26 июл. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

Ссылки

https://www.manageengine.com/products/support-center/cve-2022-36412.html
Vendor Advisory
https://www.manageengine.com/products/support-center/cve-2022-36412.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01497

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-wpcm-pg4g-v7c4

CVSS3: 9.8

github

больше 3 лет назад

In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

EPSS

Процентиль: 81%

0.01497

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287