CVE-2023-22964

Published Jan 20, 2023

Last updated 2 years ago

CVSS critical 9.1

Overview

Description: Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D0F1C6C-878B-4E5E-BE82-1FC0B17CEF3C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C40C9186-B510-401C-B934-3432C80A38A1"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0998F749-27E4-4C98-A027-939427640F8E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05694BAB-3210-47A6-8FAD-5AC84FBAD240"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD0F5553-E56E-4DFC-BEE1-62872D078886"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References