Lucene search
TalosCVELIST:CVE-2022-43473HistoryMar 30, 2023 - 4:28 p.m.
CVE-2022-43473
2023-03-3016:28:35
CWE-611
talos
www.cve.org
4
xxe vulnerability
manageengine opmanager
ssrf
xml file
ssrf vulnerability
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.011
Percentile
84.7%
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve
a malicious XML payload to trigger this vulnerability.
CNA Affected
[
{
"vendor": "ManageEngine",
"product": "OpManager",
"versions": [
{
"version": " 12.6.168",
"status": "affected"
}
]
}
]Related
talosblog
talosblog
talos
talos
ManageEngine OpManager Add UCS Device blind XXE vulnerability
2023-03-30 00:00:00
nvd
nvd
CVE-2022-43473
2023-03-30 17:15:06
nessus
nessus
prion
prion
Xxe
2023-03-30 17:15:00
cve
cve
CVE-2022-43473
2023-03-30 17:15:06
CVSS3
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS
0.011
Percentile
84.7%
Related for CVELIST:CVE-2022-43473