CVE-2022-40771

EPSS 0.17%
Published 23.11.2022 18:15:12
Last modified 28.04.2025 20:15:20
Source cve@mitre.org
Teams watchlist Login
Open Login

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Zohocorp ≫ Manageengine Servicedesk Plus Version < 14.0

Zohocorp ≫ Manageengine Servicedesk Plus Version14.0 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Version14.0 Update14000

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version < 13.0

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update-

Zohocorp ≫ Manageengine Servicedesk Plus Msp Version13.0 Update13000

Zohocorp ≫ Manageengine Supportcenter Plus Version < 11.0

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update-

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11000

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11001

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11002

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11003

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11004

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11005

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11006

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11007

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11008

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11009

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11010

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11011

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11012

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11013

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11014

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11015

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11016

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11017

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11018

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11019

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11020

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11021

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11022

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11024

Zohocorp ≫ Manageengine Supportcenter Plus Version11.0 Update11025

Zohocorp ≫ Manageengine Assetexplorer Version < 6.9

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update-

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6900

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6901

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6902

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6903

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6904

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6905

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6906

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6907

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6908

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6909

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6950

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6951

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6952

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6953

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6954

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6955

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6956

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6957

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6970

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6971

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6972

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6973

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6974

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6975

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6976

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6977

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6978

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6979

Zohocorp ≫ Manageengine Assetexplorer Version6.9 Update6980

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.394

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://manageengine.com

Vendor Advisory

https://www.manageengine.com/products/service-desk/CVE-2022-40771.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-40771

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-40771

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-40771

EUVD