CVE-2022-40773
HIGH
ManageEngine ServiceDesk Plus MSP < 10609 & SupportCenter Plus < 11025 - Privilege Escalation via ExportMickeyList
Title source: llm
Description
Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view.
References (2)
Core References
Third Party Advisory, VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-1490/
Scores
CVSS v3
8.8
EPSS
0.0069
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (4)
zohocorp/manageengine_servicedesk_plus_msp
10.6 (10 CPE variants)
zohocorp/manageengine_servicedesk_plus_msp
< 10.6
zohocorp/manageengine_supportcenter_plus
11.0 (25 CPE variants)
zohocorp/manageengine_supportcenter_plus
< 11.0
Published
Nov 12, 2022
Tracked Since
Feb 18, 2026