Lucene search

[email protected]CVE-2023-22964

HistoryJan 20, 2023 - 5:15 p.m.

CVE-2023-22964

2023-01-2017:15:11

CWE-287

[email protected]

web.nvd.nist.gov

cve-2023-22964

zoho manageengine

servicedesk plus msp

authentication bypass

ldap authentication

vulnerability

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.

Affected configurations

NVD

Node

zohocorpmanageengine_servicedesk_plus_mspMatch10.610600

zohocorpmanageengine_servicedesk_plus_mspMatch10.610601

zohocorpmanageengine_servicedesk_plus_mspMatch10.610602

zohocorpmanageengine_servicedesk_plus_mspMatch10.610603

zohocorpmanageengine_servicedesk_plus_mspMatch10.610604

zohocorpmanageengine_servicedesk_plus_mspMatch10.610605

zohocorpmanageengine_servicedesk_plus_mspMatch10.610606

zohocorpmanageengine_servicedesk_plus_mspMatch10.610607

zohocorpmanageengine_servicedesk_plus_mspMatch10.610608

zohocorpmanageengine_servicedesk_plus_mspMatch10.610609

zohocorpmanageengine_servicedesk_plus_mspMatch10.610610

zohocorpmanageengine_servicedesk_plus_mspMatch13.013000

zohocorpmanageengine_servicedesk_plus_mspMatch13.013001

zohocorpmanageengine_servicedesk_plus_mspMatch13.013002

zohocorpmanageengine_servicedesk_plus_mspMatch13.013003

CPENameOperatorVersion
zohocorp:manageengine_servicedesk_plus_mspzohocorp manageengine servicedesk plus mspeq10.6
zohocorp:manageengine_servicedesk_plus_mspzohocorp manageengine servicedesk plus mspeq13.0

CPE	Name	Operator	Version
zohocorp:manageengine_servicedesk_plus_msp	zohocorp manageengine servicedesk plus msp	eq	10.6
zohocorp:manageengine_servicedesk_plus_msp	zohocorp manageengine servicedesk plus msp	eq	13.0

References

manageengine.com

www.manageengine.com/products/service-desk-msp/cve-2023-22964.html

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2023-22964

prion1 cvelist1 nessus1 nvd1