CVE ID: CVE-2022-40772
| Product Name | Severity | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|---|
| ServiceDesk Plus | Medium | 14000 and below | 14001 | Oct. 14, 2022 |
| ServiceDesk Plus MSP | Medium | 10608 and below | 10609 | Sept. 26, 2022 |
| SupportCenter Plus | Medium | 11024 and below | 11025 | Oct. 13, 2022 |
| AssetExplorer | Medium | 6980 and below | 6981 | Oct. 13, 2022 |
This vulnerability allows an adversary to access restricted data in a Postgres database setup by using a specific PostgreSQL function in the query, which bypasses the validation mechanism.
Users who have access to query reports can access restricted data.
Steps to upgrade
This vulnerability was reported by Piotr Bazydlo (@chudypb) of Trend Micro's Zero Day Initiative.
If you have any questions or concerns, please contact product support at the email addresses below.
ServiceDesk Plus: email@example.com
ServiceDesk Plus MSP: firstname.lastname@example.org
SupportCenter Plus: email@example.com