What is CVE-2022-40773?

CVE-2022-40773 is a high-severity vulnerability in Zohocorp Manageengine_servicedesk_plus_msp, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2022-11-12.

How severe is CVE-2022-40773?

High severity. CVSS v3 base score is 8.8 out of 10.

Improper input validation in Zohocorp Manageengine_servicedesk_plus_msp

CVE-2022-40773

Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.045 (90.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zohocorp Manageengine_servicedesk_plus_msp — versions 10.6
Zohocorp Manageengine_supportcenter_plus — versions 11.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (Vendor Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory)

Frequently asked questions

What is CVE-2022-40773?: CVE-2022-40773 is a high-severity vulnerability in Zohocorp Manageengine_servicedesk_plus_msp, classified under Improper Input Validation. CVSS score: 8.8/10. Published 2022-11-12.
How severe is CVE-2022-40773?: High severity. CVSS v3 base score is 8.8 out of 10.