Lucene search
HistoryApr 11, 2023 - 1:15 a.m.
CVE-2023-28340
zoho manageengine
xxe attack
cve-2023-28340
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
45.4%
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.
Affected configurations
Node
zohocorpmanageengine_applications_managerRange<16.3
ORzohocorpmanageengine_applications_managerMatch16.3build16300
ORzohocorpmanageengine_applications_managerMatch16.3build16310
ORzohocorpmanageengine_applications_managerMatch16.3build16320
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zohocorp | manageengine_applications_manager | * | cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.3 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.3 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:* |
| zohocorp | manageengine_applications_manager | 16.3 | cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-28340
2023-04-11 00:00:00
prion
prion
Design/Logic Flaw
2023-04-11 01:15:00
cve
cve
CVE-2023-28340
2023-04-11 01:15:07
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS
0.001
Percentile
45.4%
Related for NVD:CVE-2023-28340