CVE-2022-40771

Severity: 4.9 MEDIUM
EPSS: 1.0% (top 22.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 23

Description

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 | Impact: 3.6

Vulnerability Details

GHSA
GHSA-gxvp-6gxm-ghqv: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure (2022-11-23)
CVEList
CVE-2022-40771: Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure (2022-11-23)