CVE Vulnerabilities

CVE-2022-35403

Published: Jul 12, 2022 | Modified: Nov 21, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

Affected Software

Name Vendor Start Version End Version
Manageengine_servicedesk_plus Zohocorp * 13.0 (excluding)
Manageengine_servicedesk_plus Zohocorp 13.0-13000 (including) 13.0-13000 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13001 (including) 13.0-13001 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13002 (including) 13.0-13002 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13003 (including) 13.0-13003 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13004 (including) 13.0-13004 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13005 (including) 13.0-13005 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13006 (including) 13.0-13006 (including)
Manageengine_servicedesk_plus Zohocorp 13.0-13007 (including) 13.0-13007 (including)

References