CVE-2022-40770

Опубликовано: 23 нояб. 2022

Источник: nvd

CVSS3: 7.2

EPSS Средний

Описание

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

Ссылки

https://manageengine.com
Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2022-40770.html
Vendor Advisory
https://manageengine.com
Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2022-40770.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*

Версия до 13.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*

Версия до 10.6 (исключая)

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*

Версия до 11.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.65902

Средний

7.2 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-r3rg-whrj-v9p8

CVSS3: 7.2

github

около 3 лет назад

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

EPSS

Процентиль: 98%

0.65902

Средний

7.2 High

CVSS3

Дефекты

CWE-77