Lucene search

INCIBECVE-2023-4769

HistoryNov 03, 2023 - 11:15 a.m.

CVE-2023-4769

2023-11-0311:15:08

CWE-918

INCIBE

web.nvd.nist.gov

ssrf

vulnerability

manageengine desktop central

cve-2023-4769

http requests

targeted attacks

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

zohocorpmanageengine_desktop_centralMatch9.1.0

VendorProductVersionCPE
zohocorpmanageengine_desktop_central9.1.0cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_desktop_central	9.1.0	cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Desktop Central",
    "vendor": "ManageEngine",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for CVE-2023-4769