CVE-2022-40771

Summary

CVE	CVE-2022-40771
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-23 18:15:00 UTC
Updated	2022-11-29 20:19:00 UTC
Description	Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

Risk And Classification

Problem Types: CWE-611

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Assetexplorer	All	All	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	-	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6900	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6901	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6902	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6903	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6904	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6905	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6906	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6907	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6908	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6909	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6950	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6951	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6952	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6953	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6954	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6955	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6956	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6957	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6970	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6971	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6972	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6973	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6974	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6975	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6976	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6977	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6978	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6979	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6980	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	14.0	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	14.0	14000	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	13.0	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	13.0	13000	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	All	All	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	-	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11000	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11001	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11002	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11003	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11004	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11005	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11006	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11007	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11008	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11009	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11010	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11011	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11012	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11013	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11014	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11015	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11016	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11017	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11018	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11019	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11020	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11021	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11022	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11024	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11025	All	All

References

Reference	Source	Link	Tags
ManageEngine security advisory	MISC	www.manageengine.com
ManageEngine: IT security, operations & service management	MISC	manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378355 Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus and AssetExplorer Extensible Markup Language (XML) External Entity (XXE) Vulnerability