PT-2023-1149 · Zoho · Zoho ManageEngine ServiceDesk Plus

Published

2023-01-20

·

Updated

2023-01-27

·

CVE-2023-22964

CVSS v2.0

10

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10611
Zoho ManageEngine ServiceDesk Plus versions 13.x prior to 13004

Description

The vulnerability lies in the LDAP authentication mechanism of Zoho ManageEngine ServiceDesk Plus. When LDAP authentication is enabled, an unsafe LDAP configuration combined with deficiencies in how the authentication procedure verifies credentials leaves the application open to improper authentication. Exploitation may allow a remote, unauthenticated attacker to bypass authentication and gain access to the application.

Recommendations

For Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10611, update to version 10611 or later. For Zoho ManageEngine ServiceDesk Plus versions 13.x prior to 13004, update to version 13004 or later. If the update cannot be applied immediately, disable LDAP authentication as a temporary workaround, and restrict who can view or change the LDAP configuration to reduce the window for exploitation.
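The advisory does not publish the flawed logic, so the following is an added illustration of the weakness class (Improper Authentication in LDAP-backed logins) rather than code from ServiceDesk Plus or from the vendor. It models two generic failure modes an unsafe LDAP authentication setup can produce: an empty password sent in a simple bind becomes an "unauthenticated" bind that many servers accept (RFC 4513 section 5.1.2), and a username spliced unescaped into the search filter lets the caller pick which entry is bound (RFC 4515). The directory, entries, `FakeLdapServer` class and both `authenticate_*` functions are constructed for this example; nothing here touches the network or reflects the product's actual code.

```python
"""LDAP simple-bind login: a weak check beside a hardened one (added example).

The directory below is a constructed in-memory stand-in for a real LDAP server
with just enough RFC 4513 / RFC 4515 behaviour to show the two failure modes.
"""
import re
from typing import List, Optional


class FakeLdapServer:
    """Minimal directory: simple bind plus a '(uid=...)' search."""

    def __init__(self, allow_unauthenticated_bind: bool = True):
        # Constructed sample entries: DN -> (uid, password).
        self.entries = {
            "uid=alice,ou=people,dc=example,dc=com": ("alice", "S3cret!"),
            "uid=bob,ou=people,dc=example,dc=com": ("bob", "hunter2"),
        }
        # Whether the server honours unauthenticated (empty-password) binds,
        # which is a common default unless the administrator disables it.
        self.allow_unauthenticated_bind = allow_unauthenticated_bind
        self.last_bind_identity = None  # who the session really is after bind

    def simple_bind(self, dn: str, password: str) -> bool:
        """Return True if the bind succeeded, exactly as a client library would.
        The result does not distinguish a verified bind from an unauthenticated
        one; the client must avoid sending the latter."""
        if password == "":
            self.last_bind_identity = "anonymous"
            return self.allow_unauthenticated_bind
        rec = self.entries.get(dn)
        if rec is None or rec[1] != password:
            self.last_bind_identity = None
            return False
        self.last_bind_identity = dn
        return True

    def search_uid(self, filter_str: str) -> List[str]:
        """Evaluate a filter of the form '(uid=<assertion>)' and return DNs.
        An unescaped '*' is a wildcard; '\\XX' hex escapes are literal chars."""
        if not (filter_str.startswith("(uid=") and filter_str.endswith(")")):
            raise ValueError("unsupported filter")
        assertion = filter_str[5:-1]
        parts, i = [], 0
        while i < len(assertion):
            c = assertion[i]
            if c == "\\" and i + 3 <= len(assertion):
                parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
                i += 3
            elif c == "*":
                parts.append(".*")
                i += 1
            else:
                parts.append(re.escape(c))
                i += 1
        rx = re.compile("^" + "".join(parts) + "$")
        return [dn for dn, (uid, _) in self.entries.items() if rx.match(uid)]


def escape_filter_value(value: str) -> str:
    """RFC 4515 section 3 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def authenticate_weak(server, username: str, password: str) -> Optional[str]:
    """Returns the DN the caller is treated as, or None. Two defects: the filter
    is built by concatenation, and bind success is taken as proof that the
    password was verified."""
    hits = server.search_uid("(uid=%s)" % username)
    if not hits:
        return None
    dn = hits[0]
    return dn if server.simple_bind(dn, password) else None


def authenticate_hardened(server, username: str, password: str) -> Optional[str]:
    """Same flow with the controls a practitioner expects."""
    if not username or not password:
        return None  # never issue an unauthenticated (empty-password) bind
    hits = server.search_uid("(uid=%s)" % escape_filter_value(username))
    if len(hits) != 1:
        return None  # an ambiguous lookup is a failure, not "take the first"
    dn = hits[0]
    return dn if server.simple_bind(dn, password) else None


if __name__ == "__main__":
    srv = FakeLdapServer()
    print("weak, alice/<blank> ->", authenticate_weak(srv, "alice", ""))
    print("hard, alice/<blank> ->", authenticate_hardened(srv, "alice", ""))
    print("weak, */<blank>     ->", authenticate_weak(srv, "*", ""))
    print("hard, bob/hunter2   ->", authenticate_hardened(srv, "bob", "hunter2"))
```

The client-side empty-password check is the control that matters: a real bind result carries no flag saying whether the server actually verified anything. Disabling unauthenticated binds on the directory itself (the `allow_unauthenticated_bind=False` case) is a worthwhile second layer, but an application should not depend on every directory it is pointed at being configured that way.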

Weakness Enumeration

Improper Authentication (CWE-287)

Related Identifiers

BDU:2023-00351
CVE-2023-22964

Affected Products

Zoho ManageEngine ServiceDesk Plus