CVE Vulnerability

CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.

9.1 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://manageengine.com Product
https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*
Information

Published : 2023-01-20 05:15

Updated : 2023-01-27 03:04

NVD link : CVE-2023-22964

Mitre link : CVE-2023-22964

Products Affected
No products.
CWE
CWE-287