CVE-2022-40770

CVSS V2 None CVSS V3 None

Description

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.

Overview

CVE ID
CVE-2022-40770

Assigner
cve@mitre.org

Vulnerability Status
Analyzed

Published Version
2022-11-23T03:15:10

Last Modified Date
2022-11-28T20:00:31

Weakness Enumerations

CWE	URL
CWE-77	http://cwe.mitre.org/data/definitions/77.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus::::::::	1	OR	13.0
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp::::::::	1	OR	10.6
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus::::::::	1	OR	11.0
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024::::::	1	OR
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025::::::	1	OR

References

Reference URL	Reference Tags
https://manageengine.com
https://www.manageengine.com/products/service-desk/CVE-2022-40770.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-40770
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40770

History

Created	Old Value	New Value	Data Type	Notes
2022-11-23 04:00:14				Added to TrackCVE
2022-12-07 18:01:00	2022-11-23T03:15Z	2022-11-23T03:15:10	CVE Published Date	updated
2022-12-07 18:01:00		2022-11-28T20:00:31	CVE Modified Date	updated
2022-12-07 18:01:00		Analyzed	Vulnerability Status	updated
2022-12-07 18:01:00		CWE-77	Weakness Enumeration	new
2022-12-07 18:01:02			CPE Information	updated