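Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection (CVE-2022-40770). Exploitation requires an account that already holds high privileges; the records below describe this as administrator-role access and list 13.0 Build 13011 as the fixed release. The Nessus plugins included here rely only on the application's self-reported version number, so a match indicates an unpatched build rather than confirmed exploitability.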
{"zdi": [{"lastseen": "2022-11-28T22:04:54", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ServiceDesk Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the invokeDataUploadTool function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-21T00:00:00", "type": "zdi", "title": "ManageEngine ServiceDesk Plus invokeDataUploadTool Command Injection Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-40770"], "modified": "2022-11-21T00:00:00", "id": "ZDI-22-1611", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1611/", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-14T20:37:42", "description": "A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 13.0 Build 13011 due to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an administrator role access. 
\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-02T00:00:00", "type": "nessus", "title": "ManageEngine ServiceDesk Plus < 13.0 Build 13011 RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-40770"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_servicedesk_plus"], "id": "MANAGEENGINE_SERVICEDESK_13011.NASL", "href": "https://www.tenable.com/plugins/nessus/168359", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168359);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2022-40770\");\n script_xref(name:\"IAVA\", value:\"2022-A-0497\");\n\n script_name(english:\"ManageEngine ServiceDesk Plus < 13.0 Build 13011 RCE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 13.0 Build 13011 \ndue to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an \nadministrator role access. 
\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://www.manageengine.com/products/service-desk/CVE-2022-40770.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?888eb2db\");\n # https://www.manageengine.com/products/service-desk/on-premises/readme.html#readme130\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40ba6aa6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine ServiceDesk Plus version 13.0 Build 13011, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-40770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_servicedesk_plus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_servicedesk_detect.nasl\");\n script_require_keys(\"installed_sw/manageengine_servicedesk\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar appname = 'ManageEngine ServiceDesk Plus';\n\nvar port = get_http_port(default:8080);\nvar app_info = vcf::zoho::servicedesk::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '13.0.13011', 'fixed_display': '13.0 Build 13011'} \n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-14T08:43:00", "description": "A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 Build 13000 due to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an administrator role access. The option to integrate Zoho Analytics will no longer be available on ServiceDesk Plus MSP UI in build 13000. 
\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-02T00:00:00", "type": "nessus", "title": "ManageEngine ServiceDesk Plus MSP < 13.0 Build 13000 RCE", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-40770"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_servicedesk_plus_msp"], "id": "MANAGEENGINE_SERVICEDESK_MSP_13000.NASL", "href": "https://www.tenable.com/plugins/nessus/168355", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168355);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2022-40770\");\n script_xref(name:\"IAVA\", value:\"2022-A-0497\");\n\n script_name(english:\"ManageEngine ServiceDesk Plus MSP < 13.0 Build 13000 RCE\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 \nBuild 13000 due to a flaw in the Analytics Plus integration input field validation. Vulnerability \nrequires an administrator role access. The option to integrate Zoho Analytics will no longer be \navailable on ServiceDesk Plus MSP UI in build 13000. 
\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://www.manageengine.com/products/service-desk/CVE-2022-40770.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?888eb2db\");\n # https://www.manageengine.com/products/service-desk-msp/readme.html#13000\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68c25399\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine ServiceDesk Plus MSP version 13.0 Build 13000, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-40770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_servicedesk_plus_msp\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_servicedesk_detect.nasl\");\n script_require_keys(\"installed_sw/manageengine_servicedesk\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\n\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar appname = 'ManageEngine ServiceDesk Plus MSP';\n\nvar port = get_http_port(default:8080);\nvar app_info = vcf::zoho::servicedesk::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '13.0.13000', 'fixed_display': '13.0 Build 13000'} \n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-15T03:11:54", "description": "The version of ManageEngine SupportCenter Plus prior to 11.0 Build 11026 is running on the remote web server. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A remote code execution vulnerability due to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an administrator role access. (CVE-2022-40770)\n\n - An XML external entity (XXE) vulnerability due to a flaw in the Analytics Plus integration.\n Threat actors with admin role access can retrieve local files from the server. 
(CVE-2022-40771)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-02T00:00:00", "type": "nessus", "title": "ManageEngine SupportCenter Plus < 11.0 Build 11026 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-40770", "CVE-2022-40771"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:manageengine:supportcenter_plus"], "id": "MANAGEENGINE_SUPPORTCENTER_11026.NASL", "href": "https://www.tenable.com/plugins/nessus/168358", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168358);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2022-40770\", \"CVE-2022-40771\");\n script_xref(name:\"IAVA\", value:\"2022-A-0497\");\n\n script_name(english:\"ManageEngine SupportCenter Plus < 11.0 Build 11026 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts an application that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine SupportCenter Plus prior to 11.0 Build 11026 is running on the remote \nweb server. It is, therefore, affected by multiple vulnerabilities, including the following:\n\n - A remote code execution vulnerability due to a flaw in the Analytics Plus integration input \n field validation. 
Vulnerability requires an administrator role access. (CVE-2022-40770)\n\n - An XML external entity (XXE) vulnerability due to a flaw in the Analytics Plus integration.\n Threat actors with admin role access can retrieve local files from the server. (CVE-2022-40771)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's\nself-reported version number.\");\n # https://www.manageengine.com/products/service-desk/CVE-2022-40770.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?888eb2db\");\n # https://www.manageengine.com/products/service-desk/CVE-2022-40771.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ad23e3c8\");\n # https://www.manageengine.com/products/support-center/readme.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2a6242a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine SupportCenter Plus version 11.0 Build 11026, or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-40770\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:manageengine:supportcenter_plus\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 Tenable, Inc.\");\n\n script_dependencies(\"manageengine_supportcenter_detect.nasl\");\n script_require_keys(\"installed_sw/ManageEngine SupportCenter\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras_zoho.inc');\ninclude('http.inc');\n\nvar port = get_http_port(default:8080);\nvar appname = 'ManageEngine SupportCenter';\n\nvar app_info = vcf::zoho::fix_parse::get_app_info(app:appname, port:port);\n\nvar constraints = [\n {'fixed_version': '11026', 'fixed_display' : '11.0 Build 11026'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}