CVE-2022-35403

HIGH

Zoho ManageEngine <13008 - Info Disclosure

Title source: llm
STIX 2.1

Description

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.)

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0281
EPSS Percentile 86.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (7)
zohocorp/manageengine_assetexplorer 6.9 6900 (25 CPE variants)
zohocorp/manageengine_assetexplorer < 6.9
zohocorp/manageengine_servicedesk_plus 13.0 13000 (8 CPE variants)
zohocorp/manageengine_servicedesk_plus < 13.0
zohocorp/manageengine_servicedesk_plus_msp 10.6 10600 (6 CPE variants)
zohocorp/manageengine_servicedesk_plus_msp < 10.6
zohocorp/manageengine_supportcenter_plus 11.0 11000 (8 CPE variants)
Published Jul 12, 2022
Tracked Since Feb 18, 2026