PT-2022-25531 · Zoho · Zoho Manageengine Servicedesk Plus

Chudypb

Published: 2022-11-21

Updated: 2025-04-28

CVE-2022-40772

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine ServiceDesk Plus versions 13010 and prior

Description

The vulnerability is a validation bypass in the report module that allows users to access sensitive data. It is caused by improper input validation and can lead to privilege escalation. The generateSQLReport function is specifically named as the code affected by this issue.

Recommendations

For Zoho ManageEngine ServiceDesk Plus versions 13010 and prior, consider disabling the report module or restricting access to sensitive data until a patch is available. As a temporary workaround, avoid using the report module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2022-40772
ZDI-22-1613

Affected Products

Zoho Manageengine Servicedesk Plus