CVE-2022-35403

3 documents3 sources

Severity

7.5HIGH

EPSS

2.8%

top 13.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Assetexplorer Zohocorp Manageengine Servicedesk Plus Zohocorp Manageengine Servicedesk Plus MSP +1 more

Timeline

PublishedJul 12

Latest updateJul 13

Description

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDzohocorp/manageengine_servicedesk_plus< 13.0+1

▶NVDzohocorp/manageengine_servicedesk_plus_msp< 10.6+1

▶NVDzohocorp/manageengine_supportcenter_plus< 11.0+1

▶NVDzohocorp/manageengine_assetexplorer< 6.9+1

Patches

Patch: www.manageengine.com ↗Patch: www.manageengine.com ↗

🔴Vulnerability Details

GHSA

GHSA-7xjv-9887-fp87: Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthentic↗2022-07-13

▶

CVEList

CVE-2022-35403: Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthentic↗2022-07-12

▶