Description
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.
Related CPE's
a
zohocorp
manageengine_servicedesk_plus
3
a
zohocorp
manageengine_servicedesk_plus_msp
3
a
zohocorp
manageengine_supportcenter_plus
27
a
zohocorp
manageengine_assetexplorer
31
References
Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2022-40771.html
PatchVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-11-23T18:15:12.307
2 years agoLast modified
2022-11-29T20:19:25.540
2 years ago