PT-2022-22805 · Manageengine · Servicedesk Plus+3

Published

2022-07-12

Updated

2022-07-19

CVE-2022-35403

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ServiceDesk Plus versions prior to 13008 ServiceDesk Plus MSP versions prior to 10606 SupportCenter Plus versions prior to 11022 Asset Explorer versions prior to 6977

Description The issue is related to an unauthenticated local file disclosure vulnerability. This vulnerability can be exploited via ticket-creation email.

Recommendations For ServiceDesk Plus versions prior to 13008, update to version 13008 or later. For ServiceDesk Plus MSP versions prior to 10606, update to version 10606 or later. For SupportCenter Plus versions prior to 11022, update to version 11022 or later. For Asset Explorer versions prior to 6977, update to version 6977 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-35403

Affected Products

Assetexplorer

Servicedesk Plus

Servicedesk Plus Msp

Supportcenter Plus

PT-2022-22805 · Manageengine · Servicedesk Plus+3

CVE-2022-35403

Related Identifiers

Affected Products

References · 5