7.2

CVE-2022-40770

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZohocorpManageengine Servicedesk Plus Version13.0 Update13000
ZohocorpManageengine Servicedesk Plus Version13.0 Update13001
ZohocorpManageengine Servicedesk Plus Version13.0 Update13002
ZohocorpManageengine Servicedesk Plus Version13.0 Update13003
ZohocorpManageengine Servicedesk Plus Version13.0 Update13004
ZohocorpManageengine Servicedesk Plus Version13.0 Update13005
ZohocorpManageengine Servicedesk Plus Version13.0 Update13006
ZohocorpManageengine Servicedesk Plus Version13.0 Update13007
ZohocorpManageengine Servicedesk Plus Version13.0 Update13008
ZohocorpManageengine Servicedesk Plus Version13.0 Update13009
ZohocorpManageengine Servicedesk Plus Version13.0 Update13010
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10600
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10601
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10602
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10603
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10604
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10605
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10606
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10607
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10608
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10609
ZohocorpManageengine Servicedesk Plus Msp Version10.6 Update10610
ZohocorpManageengine Supportcenter Plus Version11.0 Update11000
ZohocorpManageengine Supportcenter Plus Version11.0 Update11001
ZohocorpManageengine Supportcenter Plus Version11.0 Update11002
ZohocorpManageengine Supportcenter Plus Version11.0 Update11003
ZohocorpManageengine Supportcenter Plus Version11.0 Update11004
ZohocorpManageengine Supportcenter Plus Version11.0 Update11005
ZohocorpManageengine Supportcenter Plus Version11.0 Update11006
ZohocorpManageengine Supportcenter Plus Version11.0 Update11007
ZohocorpManageengine Supportcenter Plus Version11.0 Update11008
ZohocorpManageengine Supportcenter Plus Version11.0 Update11009
ZohocorpManageengine Supportcenter Plus Version11.0 Update11010
ZohocorpManageengine Supportcenter Plus Version11.0 Update11011
ZohocorpManageengine Supportcenter Plus Version11.0 Update11012
ZohocorpManageengine Supportcenter Plus Version11.0 Update11013
ZohocorpManageengine Supportcenter Plus Version11.0 Update11014
ZohocorpManageengine Supportcenter Plus Version11.0 Update11015
ZohocorpManageengine Supportcenter Plus Version11.0 Update11016
ZohocorpManageengine Supportcenter Plus Version11.0 Update11017
ZohocorpManageengine Supportcenter Plus Version11.0 Update11018
ZohocorpManageengine Supportcenter Plus Version11.0 Update11019
ZohocorpManageengine Supportcenter Plus Version11.0 Update11020
ZohocorpManageengine Supportcenter Plus Version11.0 Update11021
ZohocorpManageengine Supportcenter Plus Version11.0 Update11022
ZohocorpManageengine Supportcenter Plus Version11.0 Update11024
ZohocorpManageengine Supportcenter Plus Version11.0 Update11025
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 65.9% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://manageengine.com
Vendor Advisory