GCVE - cpe:2.3:a:zohocorp:manageengine_servicedesk_plus

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:-:*:*:*:*:*:*

part: a version: 10.6 update: -

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Servicedesk Plus Msp (`e2c7e134-94e2-52f3-b9ab-d3a2225cb0a0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-40773`	vulnerable	2026-06-03 14:48:03.584647	Details available Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. Published: 2022-11-12T00:00:00.000Z Updated: 2025-05-01T13:30:33.850Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk-msp/cve-2022-40773.html https://www.zerodayinitiative.com/advisories/ZDI-22-1490/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40772`	vulnerable	2026-06-03 14:48:03.582729	Details available Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. Published: 2022-11-23T00:00:00.000Z Updated: 2025-04-28T19:34:22.092Z Open on db.gcve.eu Reference links https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2022-40772.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-40770`	vulnerable	2026-06-03 14:48:03.539793	Details available Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. Published: 2022-11-23T00:00:00.000Z Updated: 2025-04-28T19:38:56.406Z Open on db.gcve.eu Reference links https://manageengine.com https://www.manageengine.com/products/service-desk/CVE-2022-40770.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-32551`	vulnerable	2026-06-03 14:47:22.701517	Details available Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). Published: 2022-07-01T23:51:50.000Z Updated: 2024-08-03T07:46:43.628Z Open on db.gcve.eu Reference links https://www.manageengine.com/products/service-desk-msp/CVE-2022-32551.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Zoho Corp ManageEngine ServiceDesk Plus MSP 10.6

PURL mappings

Vulnerability references

Contribute