CVE-2022-40772
First published: Wed Nov 23 2022(Updated: )
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoho ManageEngine ServiceDesk Plus | <14.0 | |
| Zoho ManageEngine ServiceDesk Plus | =14.0 | |
| Zoho ManageEngine ServiceDesk Plus | =14.0-14000 | |
| Zoho ManageEngine ServiceDesk Plus MSP | <10.6 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10600 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10601 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10602 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10603 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10604 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10605 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10606 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10607 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =10.6-10608 | |
| ManageEngine SupportCenter Plus | <11.0 | |
| ManageEngine SupportCenter Plus | =11.0 | |
| ManageEngine SupportCenter Plus | =11.0-11000 | |
| ManageEngine SupportCenter Plus | =11.0-11001 | |
| ManageEngine SupportCenter Plus | =11.0-11002 | |
| ManageEngine SupportCenter Plus | =11.0-11003 | |
| ManageEngine SupportCenter Plus | =11.0-11004 | |
| ManageEngine SupportCenter Plus | =11.0-11005 | |
| ManageEngine SupportCenter Plus | =11.0-11006 | |
| ManageEngine SupportCenter Plus | =11.0-11007 | |
| ManageEngine SupportCenter Plus | =11.0-11008 | |
| ManageEngine SupportCenter Plus | =11.0-11009 | |
| ManageEngine SupportCenter Plus | =11.0-11010 | |
| ManageEngine SupportCenter Plus | =11.0-11011 | |
| ManageEngine SupportCenter Plus | =11.0-11012 | |
| ManageEngine SupportCenter Plus | =11.0-11013 | |
| ManageEngine SupportCenter Plus | =11.0-11014 | |
| ManageEngine SupportCenter Plus | =11.0-11015 | |
| ManageEngine SupportCenter Plus | =11.0-11016 | |
| ManageEngine SupportCenter Plus | =11.0-11017 | |
| ManageEngine SupportCenter Plus | =11.0-11018 | |
| ManageEngine SupportCenter Plus | =11.0-11019 | |
| ManageEngine SupportCenter Plus | =11.0-11020 | |
| ManageEngine SupportCenter Plus | =11.0-11021 | |
| ManageEngine SupportCenter Plus | =11.0-11022 | |
| ManageEngine SupportCenter Plus | =11.0-11024 | |
| ManageEngine AssetExplorer | <6.9 | |
| ManageEngine AssetExplorer | =6.9 | |
| ManageEngine AssetExplorer | =6.9-6900 | |
| ManageEngine AssetExplorer | =6.9-6901 | |
| ManageEngine AssetExplorer | =6.9-6902 | |
| ManageEngine AssetExplorer | =6.9-6903 | |
| ManageEngine AssetExplorer | =6.9-6904 | |
| ManageEngine AssetExplorer | =6.9-6905 | |
| ManageEngine AssetExplorer | =6.9-6906 | |
| ManageEngine AssetExplorer | =6.9-6907 | |
| ManageEngine AssetExplorer | =6.9-6908 | |
| ManageEngine AssetExplorer | =6.9-6909 | |
| ManageEngine AssetExplorer | =6.9-6950 | |
| ManageEngine AssetExplorer | =6.9-6951 | |
| ManageEngine AssetExplorer | =6.9-6952 | |
| ManageEngine AssetExplorer | =6.9-6953 | |
| ManageEngine AssetExplorer | =6.9-6954 | |
| ManageEngine AssetExplorer | =6.9-6955 | |
| ManageEngine AssetExplorer | =6.9-6956 | |
| ManageEngine AssetExplorer | =6.9-6957 | |
| ManageEngine AssetExplorer | =6.9-6970 | |
| ManageEngine AssetExplorer | =6.9-6971 | |
| ManageEngine AssetExplorer | =6.9-6972 | |
| ManageEngine AssetExplorer | =6.9-6973 | |
| ManageEngine AssetExplorer | =6.9-6974 | |
| ManageEngine AssetExplorer | =6.9-6975 | |
| ManageEngine AssetExplorer | =6.9-6976 | |
| ManageEngine AssetExplorer | =6.9-6977 | |
| ManageEngine AssetExplorer | =6.9-6978 | |
| ManageEngine AssetExplorer | =6.9-6979 | |
| ManageEngine AssetExplorer | =6.9-6980 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-40772?
CVE-2022-40772 is considered a critical vulnerability due to its potential to expose sensitive data.
How do I fix CVE-2022-40772?
To fix CVE-2022-40772, update Zoho ManageEngine ServiceDesk Plus to version 14.0 or later or apply any available patches.
What versions are affected by CVE-2022-40772?
CVE-2022-40772 affects Zoho ManageEngine ServiceDesk Plus versions 13010 and prior, along with several versions of ServiceDesk Plus MSP and SupportCenter Plus.
Is CVE-2022-40772 actively exploited?
There are reports suggesting that CVE-2022-40772 has been actively exploited in the wild.
What types of data can be accessed due to CVE-2022-40772?
CVE-2022-40772 allows unauthorized access to sensitive data through the report module.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/zoho manageengine servicedesk plus
- version/zoho manageengine servicedesk plus/14.0
- version/zoho manageengine servicedesk plus/14.0-14000
- canonical/zoho manageengine servicedesk plus msp
- version/zoho manageengine servicedesk plus msp/10.6
- version/zoho manageengine servicedesk plus msp/10.6-10600
- version/zoho manageengine servicedesk plus msp/10.6-10601
- version/zoho manageengine servicedesk plus msp/10.6-10602
- version/zoho manageengine servicedesk plus msp/10.6-10603
- version/zoho manageengine servicedesk plus msp/10.6-10604
- version/zoho manageengine servicedesk plus msp/10.6-10605
- version/zoho manageengine servicedesk plus msp/10.6-10606
- version/zoho manageengine servicedesk plus msp/10.6-10607
- version/zoho manageengine servicedesk plus msp/10.6-10608
- canonical/manageengine supportcenter plus
- version/manageengine supportcenter plus/11.0
- version/manageengine supportcenter plus/11.0-11000
- version/manageengine supportcenter plus/11.0-11001
- version/manageengine supportcenter plus/11.0-11002
- version/manageengine supportcenter plus/11.0-11003
- version/manageengine supportcenter plus/11.0-11004
- version/manageengine supportcenter plus/11.0-11005
- version/manageengine supportcenter plus/11.0-11006
- version/manageengine supportcenter plus/11.0-11007
- version/manageengine supportcenter plus/11.0-11008
- version/manageengine supportcenter plus/11.0-11009
- version/manageengine supportcenter plus/11.0-11010
- version/manageengine supportcenter plus/11.0-11011
- version/manageengine supportcenter plus/11.0-11012
- version/manageengine supportcenter plus/11.0-11013
- version/manageengine supportcenter plus/11.0-11014
- version/manageengine supportcenter plus/11.0-11015
- version/manageengine supportcenter plus/11.0-11016
- version/manageengine supportcenter plus/11.0-11017
- version/manageengine supportcenter plus/11.0-11018
- version/manageengine supportcenter plus/11.0-11019
- version/manageengine supportcenter plus/11.0-11020
- version/manageengine supportcenter plus/11.0-11021
- version/manageengine supportcenter plus/11.0-11022
- version/manageengine supportcenter plus/11.0-11024
- canonical/manageengine assetexplorer
- version/manageengine assetexplorer/6.9
- version/manageengine assetexplorer/6.9-6900
- version/manageengine assetexplorer/6.9-6901
- version/manageengine assetexplorer/6.9-6902
- version/manageengine assetexplorer/6.9-6903
- version/manageengine assetexplorer/6.9-6904
- version/manageengine assetexplorer/6.9-6905
- version/manageengine assetexplorer/6.9-6906
- version/manageengine assetexplorer/6.9-6907
- version/manageengine assetexplorer/6.9-6908
- version/manageengine assetexplorer/6.9-6909
- version/manageengine assetexplorer/6.9-6950
- version/manageengine assetexplorer/6.9-6951
- version/manageengine assetexplorer/6.9-6952
- version/manageengine assetexplorer/6.9-6953
- version/manageengine assetexplorer/6.9-6954
- version/manageengine assetexplorer/6.9-6955
- version/manageengine assetexplorer/6.9-6956
- version/manageengine assetexplorer/6.9-6957
- version/manageengine assetexplorer/6.9-6970
- version/manageengine assetexplorer/6.9-6971
- version/manageengine assetexplorer/6.9-6972
- version/manageengine assetexplorer/6.9-6973
- version/manageengine assetexplorer/6.9-6974
- version/manageengine assetexplorer/6.9-6975
- version/manageengine assetexplorer/6.9-6976
- version/manageengine assetexplorer/6.9-6977
- version/manageengine assetexplorer/6.9-6978
- version/manageengine assetexplorer/6.9-6979
- version/manageengine assetexplorer/6.9-6980