CVE-2022-35403

Summary

CVE	CVE-2022-35403
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-12 22:15:00 UTC
Updated	2022-07-19 18:02:00 UTC
Description	Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Assetexplorer	All	All	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6900	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6901	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6902	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6903	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6904	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6905	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6906	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6907	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6908	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6909	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6950	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6951	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6952	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6953	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6954	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6955	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6956	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6957	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6970	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6971	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6972	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6973	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6974	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6975	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6976	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13000	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13001	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13002	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13003	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13004	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13005	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13006	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	13.0	13007	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10600	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10601	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10602	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10603	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10604	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10605	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	All	All	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11000	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11001	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11002	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11003	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11004	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11005	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11006	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11007	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11008	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11009	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11010	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11011	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11012	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11013	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11014	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11015	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11016	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11017	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11018	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11019	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11020	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11021	All	All

References

Reference	Source	Link	Tags
ManageEngine security advisory	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378381 Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus and AssetExplorer Local File Disclosure Vulnerability