Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2023-48646
HistoryNov 22, 2023 - 6:15 p.m.

CVE-2023-48646

2023-11-2218:15:09
mitre
web.nvd.nist.gov
14
cve-2023-48646
zoho
manageengine
recoverymanager plus
vulnerability
arbitrary commands
nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

Affected configurations

Nvd
Node
zohocorpmanageengine_recoverymanager_plusRange<6.0
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6001
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6003
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6005
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6011
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6016
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6017
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6020
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6025
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6026
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6030
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6031
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6032
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6041
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6042
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6043
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6044
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6047
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6049
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6050
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6051
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6053
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6054
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6056
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6057
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6058
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6060
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6061
OR
zohocorpmanageengine_recoverymanager_plusMatch6.0build6062
VendorProductVersionCPE
zohocorpmanageengine_recoverymanager_plus*cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*
zohocorpmanageengine_recoverymanager_plus6.0cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*
Rows per page:
1-10 of 291

Related

cvelist 1
zdi 1
prion 1
nvd 1
cvelist
cvelist
CVE-2023-48646
2023-11-22 00:00:00
zdi
zdi
ManageEngine Recovery Manager Plus getEscapedValue Command Injection Remote Code Execution Vulnerability
2023-11-22 00:00:00
prion
prion
Command injection
2023-11-22 18:15:00
nvd
nvd
CVE-2023-48646
2023-11-22 18:15:09

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON
Related for CVE-2023-48646
cvelist1zdi1prion1nvd1