CVE-2022-35403
First published: Tue Jul 12 2022(Updated: )
Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoho ManageEngine ServiceDesk Plus | <13.0 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13000 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13001 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13002 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13003 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13004 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13005 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13006 | |
| Zoho ManageEngine ServiceDesk Plus | =13.0-13007 | |
| Zoho ManageEngine ServiceDesk Plus MSP | <10.6 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10600 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10601 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10602 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10603 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10604 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10605 | |
| ManageEngine SupportCenter Plus | <11.0 | |
| ManageEngine SupportCenter Plus | =11.0-11000 | |
| ManageEngine SupportCenter Plus | =11.0-11001 | |
| ManageEngine SupportCenter Plus | =11.0-11002 | |
| ManageEngine SupportCenter Plus | =11.0-11003 | |
| ManageEngine SupportCenter Plus | =11.0-11004 | |
| ManageEngine SupportCenter Plus | =11.0-11005 | |
| ManageEngine SupportCenter Plus | =11.0-11006 | |
| ManageEngine SupportCenter Plus | =11.0-11007 | |
| ManageEngine SupportCenter Plus | =11.0-11008 | |
| ManageEngine SupportCenter Plus | =11.0-11009 | |
| ManageEngine SupportCenter Plus | =11.0-11010 | |
| ManageEngine SupportCenter Plus | =11.0-11011 | |
| ManageEngine SupportCenter Plus | =11.0-11012 | |
| ManageEngine SupportCenter Plus | =11.0-11013 | |
| ManageEngine SupportCenter Plus | =11.0-11014 | |
| ManageEngine SupportCenter Plus | =11.0-11015 | |
| ManageEngine SupportCenter Plus | =11.0-11016 | |
| ManageEngine SupportCenter Plus | =11.0-11017 | |
| ManageEngine SupportCenter Plus | =11.0-11018 | |
| ManageEngine SupportCenter Plus | =11.0-11019 | |
| ManageEngine SupportCenter Plus | =11.0-11020 | |
| ManageEngine SupportCenter Plus | =11.0-11021 | |
| ManageEngine AssetExplorer | <6.9 | |
| ManageEngine AssetExplorer | =6.9-6900 | |
| ManageEngine AssetExplorer | =6.9-6901 | |
| ManageEngine AssetExplorer | =6.9-6902 | |
| ManageEngine AssetExplorer | =6.9-6903 | |
| ManageEngine AssetExplorer | =6.9-6904 | |
| ManageEngine AssetExplorer | =6.9-6905 | |
| ManageEngine AssetExplorer | =6.9-6906 | |
| ManageEngine AssetExplorer | =6.9-6907 | |
| ManageEngine AssetExplorer | =6.9-6908 | |
| ManageEngine AssetExplorer | =6.9-6909 | |
| ManageEngine AssetExplorer | =6.9-6950 | |
| ManageEngine AssetExplorer | =6.9-6951 | |
| ManageEngine AssetExplorer | =6.9-6952 | |
| ManageEngine AssetExplorer | =6.9-6953 | |
| ManageEngine AssetExplorer | =6.9-6954 | |
| ManageEngine AssetExplorer | =6.9-6955 | |
| ManageEngine AssetExplorer | =6.9-6956 | |
| ManageEngine AssetExplorer | =6.9-6957 | |
| ManageEngine AssetExplorer | =6.9-6970 | |
| ManageEngine AssetExplorer | =6.9-6971 | |
| ManageEngine AssetExplorer | =6.9-6972 | |
| ManageEngine AssetExplorer | =6.9-6973 | |
| ManageEngine AssetExplorer | =6.9-6974 | |
| ManageEngine AssetExplorer | =6.9-6975 | |
| ManageEngine AssetExplorer | =6.9-6976 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-35403?
CVE-2022-35403 is considered a critical vulnerability due to its potential for unauthorized access to sensitive files.
How do I fix CVE-2022-35403?
To fix CVE-2022-35403, you should update Zoho ManageEngine ServiceDesk Plus to version 13008 or later, and the related products to their respective patched versions.
What systems are affected by CVE-2022-35403?
CVE-2022-35403 affects Zoho ManageEngine ServiceDesk Plus versions before 13008, ServiceDesk Plus MSP before 10606, SupportCenter Plus before 11022, and Asset Explorer before 6977.
Can CVE-2022-35403 be exploited remotely?
CVE-2022-35403 can be exploited by unauthenticated users through ticket-creation emails, posing a significant risk.
Is there a workaround for CVE-2022-35403?
Currently, the recommended action is to apply the latest updates as there are no specified workarounds for CVE-2022-35403.
- agent/event
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zoho manageengine servicedesk plus
- version/zoho manageengine servicedesk plus/13.0-13000
- version/zoho manageengine servicedesk plus/13.0-13001
- version/zoho manageengine servicedesk plus/13.0-13002
- version/zoho manageengine servicedesk plus/13.0-13003
- version/zoho manageengine servicedesk plus/13.0-13004
- version/zoho manageengine servicedesk plus/13.0-13005
- version/zoho manageengine servicedesk plus/13.0-13006
- version/zoho manageengine servicedesk plus/13.0-13007
- canonical/zoho manageengine servicedesk plus msp
- version/zoho manageengine servicedesk plus msp/10.6-10600
- version/zoho manageengine servicedesk plus msp/10.6-10601
- version/zoho manageengine servicedesk plus msp/10.6-10602
- version/zoho manageengine servicedesk plus msp/10.6-10603
- version/zoho manageengine servicedesk plus msp/10.6-10604
- version/zoho manageengine servicedesk plus msp/10.6-10605
- canonical/manageengine supportcenter plus
- version/manageengine supportcenter plus/11.0-11000
- version/manageengine supportcenter plus/11.0-11001
- version/manageengine supportcenter plus/11.0-11002
- version/manageengine supportcenter plus/11.0-11003
- version/manageengine supportcenter plus/11.0-11004
- version/manageengine supportcenter plus/11.0-11005
- version/manageengine supportcenter plus/11.0-11006
- version/manageengine supportcenter plus/11.0-11007
- version/manageengine supportcenter plus/11.0-11008
- version/manageengine supportcenter plus/11.0-11009
- version/manageengine supportcenter plus/11.0-11010
- version/manageengine supportcenter plus/11.0-11011
- version/manageengine supportcenter plus/11.0-11012
- version/manageengine supportcenter plus/11.0-11013
- version/manageengine supportcenter plus/11.0-11014
- version/manageengine supportcenter plus/11.0-11015
- version/manageengine supportcenter plus/11.0-11016
- version/manageengine supportcenter plus/11.0-11017
- version/manageengine supportcenter plus/11.0-11018
- version/manageengine supportcenter plus/11.0-11019
- version/manageengine supportcenter plus/11.0-11020
- version/manageengine supportcenter plus/11.0-11021
- canonical/manageengine assetexplorer
- version/manageengine assetexplorer/6.9-6900
- version/manageengine assetexplorer/6.9-6901
- version/manageengine assetexplorer/6.9-6902
- version/manageengine assetexplorer/6.9-6903
- version/manageengine assetexplorer/6.9-6904
- version/manageengine assetexplorer/6.9-6905
- version/manageengine assetexplorer/6.9-6906
- version/manageengine assetexplorer/6.9-6907
- version/manageengine assetexplorer/6.9-6908
- version/manageengine assetexplorer/6.9-6909
- version/manageengine assetexplorer/6.9-6950
- version/manageengine assetexplorer/6.9-6951
- version/manageengine assetexplorer/6.9-6952
- version/manageengine assetexplorer/6.9-6953
- version/manageengine assetexplorer/6.9-6954
- version/manageengine assetexplorer/6.9-6955
- version/manageengine assetexplorer/6.9-6956
- version/manageengine assetexplorer/6.9-6957
- version/manageengine assetexplorer/6.9-6970
- version/manageengine assetexplorer/6.9-6971
- version/manageengine assetexplorer/6.9-6972
- version/manageengine assetexplorer/6.9-6973
- version/manageengine assetexplorer/6.9-6974
- version/manageengine assetexplorer/6.9-6975
- version/manageengine assetexplorer/6.9-6976