CVE-2022-40770
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
23/11/2022
Last modified:
28/04/2025
Description
Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:* | 13.0 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13000:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13001:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13002:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13003:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13004:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13005:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13006:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13007:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13008:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13009:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:13.0:13010:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:* | 10.6 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page