← back
CVE-2022-40773

CVE-2022-40773

CVSS 8.8 HIGHEPSS 4.5%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 4.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.htmlhttps://www.zerodayinitiative.com/advisories/ZDI-22-1490/