Published: 12/11/2022 Updated: 16/11/2022

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Subscribe to Manageengine Supportcenter Plus

Zoho ManageEngine ServiceDesk Plus MSP prior to 10609 and SupportCenter Plus prior to 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zohocorp manageengine supportcenter plus 11.0
zohocorp manageengine supportcenter plus
zohocorp manageengine servicedesk plus msp 10.6
zohocorp manageengine servicedesk plus msp

CVE-2022-40773 Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view authentication complexity vector not available not available not available confidentiality integrity availability

CWE-863 https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html https://www.zerodayinitiative.com/advisories/ZDI-22-1490/https://github.com/Live-Hack-CVE/CVE-2022-40773 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-40773

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect