CVE-2022-40771

Опубликовано: 23 нояб. 2022

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

Ссылки

https://manageengine.com
Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2022-40771.html
Patch
Vendor Advisory
https://manageengine.com
Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2022-40771.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*

Версия до 14.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*

Версия до 13.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*

Версия до 11.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*

Версия до 6.9 (исключая)

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01014

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-gxvp-6gxm-ghqv

CVSS3: 4.9

github

около 3 лет назад

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

EPSS

Процентиль: 77%

0.01014

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-611