CVE-2022-40773 - Vulnerability Details

Vendors	Products
Zohocorp	Manageengine Servicedesk Plus Msp Manageengine Supportcenter Plus

Link	Providers
https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40773", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T12:28:42.555Z", "dateReserved": "2022-09-18T00:00:00", "datePublished": "2022-11-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1490/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:28:42.555Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html", "tags": ["x_transferred"]}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1490/", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2022-40773 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-08-03T12:28:42.555Z (string)

dateReserved : 2022-09-18T00:00:00 (string)

datePublished : 2022-11-12T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2022-11-12T00:00:00 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html (string)

}

1 : { »

url : https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T12:28:42.555Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0647726-47C1-4CF5-91AA-E3E18776842C", "versionEndExcluding": "10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*", "matchCriteriaId": "DD01521E-40B5-46D6-9A29-DABA18F11DFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*", "matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*", "matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*", "matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*", "matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*", "matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*", "matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*", "matchCriteriaId": "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*", "matchCriteriaId": "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*", "matchCriteriaId": "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E", "versionEndExcluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:*", "matchCriteriaId": "3AE43EA7-9AA1-4EA7-8840-22BD543A093C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*", "matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*", "matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*", "matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*", "matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*", "matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*", "matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*", "matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*", "matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*", "matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*", "matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*", "matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*", "matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*", "matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*", "matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:*", "matchCriteriaId": "97920D1C-62BA-4B10-9912-C2ED1C1B0313", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:*", "matchCriteriaId": "023C6278-1FF9-4E79-8D95-32BE71701D37", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:*", "matchCriteriaId": "34EFB9EF-269E-4A72-8357-2A54E8B78C84", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", "matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", "matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", "matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", "matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", "matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", "matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", "matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view."}, {"lang": "es", "value": "Zoho ManageEngine ServiceDesk Plus MSP anterior a 10609 y SupportCenter Plus anterior a 11025 son vulnerables a la escalada de privilegios. Esto permite a los usuarios obtener datos sensibles durante una exportaci\u00f3n de solicitudes exportMickeyList desde la vista de lista."}], "id": "CVE-2022-40773", "lastModified": "2024-11-21T07:22:02.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-12T04:15:09.010", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1490/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1490/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D0647726-47C1-4CF5-91AA-E3E18776842C (string)

versionEndExcluding : 10.6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:* (string)

matchCriteriaId : DD01521E-40B5-46D6-9A29-DABA18F11DFF (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:* (string)

matchCriteriaId : 877000C8-0405-481D-95CC-72B783457401 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:* (string)

matchCriteriaId : 1DC5243C-C10E-46A1-A71E-7E736FC651E2 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:* (string)

matchCriteriaId : C17D5800-8A5A-44BE-ACE3-6FB21631551C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:* (string)

matchCriteriaId : D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:* (string)

matchCriteriaId : C1671DFA-9DAA-41E5-9528-50F63D32FBF1 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:* (string)

matchCriteriaId : 9F539D31-62C3-4129-8B56-8CDCD8F8E0A8 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:* (string)

matchCriteriaId : B3BAC4E7-840F-461A-A0F9-6E29F5C43F45 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:* (string)

matchCriteriaId : 9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:* (string)

matchCriteriaId : FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 791D8E77-1A6B-4739-A6E6-BF91E978144E (string)

versionEndExcluding : 11.0 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 3AE43EA7-9AA1-4EA7-8840-22BD543A093C (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:* (string)

matchCriteriaId : D788203D-B169-4C98-B090-B070630750DF (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:* (string)

matchCriteriaId : 846EA6AB-9588-4D9F-AEBD-83B018BE7362 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:* (string)

matchCriteriaId : BDD540F2-C964-40DE-91AB-DE726AAA82A8 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:* (string)

matchCriteriaId : AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:* (string)

matchCriteriaId : 685783DB-DD06-4D9C-9E83-63449D5B60D9 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:* (string)

matchCriteriaId : C371F2CD-A1F8-4EC7-8096-D61DEA337D44 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:* (string)

matchCriteriaId : B980A72F-53E2-4FC1-AA25-743AE8650641 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:* (string)

matchCriteriaId : 68289AE6-F348-401A-BE49-08889492B23B (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:* (string)

matchCriteriaId : A0667DC3-8315-4F2B-BAB7-D1F1CA476D68 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:* (string)

matchCriteriaId : 34C768E0-FF5B-413D-87B2-9D09F28F95DC (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:* (string)

matchCriteriaId : 5570C5A9-A79B-48CF-B95D-3513F7B9BAF7 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:* (string)

matchCriteriaId : B77031F5-E097-4549-BF5E-1D0718AB52B9 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:* (string)

matchCriteriaId : 5A9C0879-8AE5-4E6E-998C-E79FC418C68A (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:* (string)

matchCriteriaId : 3F1F21D7-08E8-4637-903B-4277399C0BD7 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11014:*:*:*:*:*:* (string)

matchCriteriaId : 97920D1C-62BA-4B10-9912-C2ED1C1B0313 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11015:*:*:*:*:*:* (string)

matchCriteriaId : 023C6278-1FF9-4E79-8D95-32BE71701D37 (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11016:*:*:*:*:*:* (string)

matchCriteriaId : 34EFB9EF-269E-4A72-8357-2A54E8B78C84 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:* (string)

matchCriteriaId : 35366F60-D6E2-4B29-B593-D24079CE6831 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:* (string)

matchCriteriaId : CB60E016-82DD-41EC-85F9-D4F37AF1F8E3 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:* (string)

matchCriteriaId : 9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:* (string)

matchCriteriaId : 80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE (string)

vulnerable : true (boolean)

}

34 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:* (string)

matchCriteriaId : 7F529DB6-4D30-49F8-BFE2-C10C1A899917 (string)

vulnerable : true (boolean)

}

35 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:* (string)

matchCriteriaId : 4EA25296-8163-4C98-A8CD-35834240308E (string)

vulnerable : true (boolean)

}

36 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:* (string)

matchCriteriaId : 33D51403-A976-4EA3-AA23-C699E03239E2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. (string)

}

1 : { »

lang : es (string)

value : Zoho ManageEngine ServiceDesk Plus MSP anterior a 10609 y SupportCenter Plus anterior a 11025 son vulnerables a la escalada de privilegios. Esto permite a los usuarios obtener datos sensibles durante una exportación de solicitudes exportMickeyList desde la vista de lista. (string)

}

]

id : CVE-2022-40773 (string)

lastModified : 2024-11-21T07:22:02.230 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-11-12T04:15:09.010 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : https://www.zerodayinitiative.com/advisories/ZDI-22-1490/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object