CVE-2022-40772

Summary

CVE	CVE-2022-40772
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-23 18:15:00 UTC
Updated	2023-08-08 14:22:00 UTC
Description	Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Assetexplorer	All	All	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	-	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6900	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6901	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6902	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6903	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6904	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6905	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6906	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6907	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6908	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6909	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6950	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6951	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6952	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6953	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6954	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6955	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6956	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6957	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6970	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6971	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6972	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6973	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6974	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6975	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6976	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6977	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6978	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6979	All	All
Application	Zohocorp	Manageengine Assetexplorer	6.9	6980	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	14.0	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus	14.0	14000	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10600	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10601	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10602	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10603	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10604	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10605	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10606	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10607	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10608	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	All	All	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	-	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11000	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11001	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11002	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11003	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11004	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11005	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11006	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11007	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11008	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11009	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11010	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11011	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11012	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11013	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11014	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11015	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11016	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11017	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11018	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11019	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11020	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11021	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11022	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11024	All	All

References

Reference	Source	Link	Tags
ManageEngine: IT security, operations & service management	MISC	manageengine.com
ManageEngine security advisory	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

377857 Zoho ManageEngine ServiceDesk Plus, SupportCenter Plus and AssetExplorer Privilege Escalation Vulnerability