CVE-2022-40773

Summary

CVE	CVE-2022-40773
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-12 04:15:00 UTC
Updated	2023-08-08 14:21:00 UTC
Description	Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Servicedesk Plus Msp	All	All	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	-	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10600	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10601	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10602	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10603	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10604	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10605	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10606	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10607	All	All
Application	Zohocorp	Manageengine Servicedesk Plus Msp	10.6	10608	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	All	All	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	-	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11000	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11001	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11002	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11003	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11004	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11005	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11006	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11007	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11008	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11009	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11010	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11011	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11012	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11013	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11014	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11015	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11016	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11017	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11018	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11019	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11020	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11021	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11022	All	All
Application	Zohocorp	Manageengine Supportcenter Plus	11.0	11024	All	All

References

Reference	Source	Link	Tags
ZDI-22-1490 \| Zero Day Initiative	MISC	www.zerodayinitiative.com
Security advisory: CVE-2022-32551 - ServiceDesk Plus MSP	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

378354 Zoho ManageEngine ServiceDesk Plus MSP and SupportCenter Plus Privilege Escalation Vulnerability