TROYANOSYVIRUS
Volver a CVEs

CVE-2022-40771

MEDIUM
4.9

Descripcion

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure.

Detalles CVE

Puntuacion CVSS v3.14.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado11/23/2022
Ultima modificacion4/28/2025
Fuentenvd
Avistamientos honeypot0

Productos afectados

zohocorp:manageengine_assetexplorerzohocorp:manageengine_servicedesk_pluszohocorp:manageengine_servicedesk_plus_mspzohocorp:manageengine_supportcenter_plus

Debilidades (CWE)

CWE-611CWE-611

Referencias

https://manageengine.com(cve@mitre.org)
https://www.manageengine.com/products/service-desk/CVE-2022-40771.html(cve@mitre.org)
https://manageengine.com(af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/service-desk/CVE-2022-40771.html(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.