vulnerability
Zoho ManageEngine ServiceDesk Plus: CVE-2022-40771: XXE vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:C/I:N/A:N) | Oct 14, 2022 | Dec 18, 2024 | Mar 27, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:C/I:N/A:N)
Published
Oct 14, 2022
Added
Dec 18, 2024
Modified
Mar 27, 2026
Description
An XXE vulnerability in the advanced analytics settings that could only be accessed by an admin user has been fixed and released in multiple ITSM products.
Solution
zoho-manageengine-servicedesk-plus-upgrade-latest
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.