CVE-2023-22964

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://manageengine.com	Product
https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002::::::
	cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003::::::

History

No history.

Information

Published : 2023-01-20 17:15

Updated : 2024-02-28 19:51

NVD link : CVE-2023-22964

Mitre link : CVE-2023-22964

CVE.ORG link : CVE-2023-22964

JSON object : View

Products Affected

zohocorp

manageengine_servicedesk_plus_msp

CWE

CWE-287

Improper Authentication

{"id": "CVE-2023-22964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-01-20T17:15:11.003", "references": [{"url": "https://manageengine.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.manageengine.com/products/service-desk-msp/cve-2023-22964.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled."}], "lastModified": "2023-01-27T15:04:24.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10600:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "877000C8-0405-481D-95CC-72B783457401"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10601:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC5243C-C10E-46A1-A71E-7E736FC651E2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10602:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C17D5800-8A5A-44BE-ACE3-6FB21631551C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10603:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27B7FA3-95C7-469F-BAB8-3CAE35AE7CD1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10604:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1671DFA-9DAA-41E5-9528-50F63D32FBF1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10605:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F539D31-62C3-4129-8B56-8CDCD8F8E0A8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10606:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BAC4E7-840F-461A-A0F9-6E29F5C43F45"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10607:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EB47A8C-7569-45C7-A7A9-4E8C898CE6D2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10608:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF8EED5-6575-41EC-9E5D-0BC0355AF0D1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10609:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D0F1C6C-878B-4E5E-BE82-1FC0B17CEF3C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.6:10610:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40C9186-B510-401C-B934-3432C80A38A1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0998F749-27E4-4C98-A027-939427640F8E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05694BAB-3210-47A6-8FAD-5AC84FBAD240"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD0F5553-E56E-4DFC-BEE1-62872D078886"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}