Lucene search

[email protected]NVD:CVE-2023-4769

HistoryNov 03, 2023 - 11:15 a.m.

CVE-2023-4769

2023-11-0311:15:08

CWE-918

[email protected]

web.nvd.nist.gov

ssrf

manageengine

desktop central

9.1.0

authenticated attacker

targeted attacks

cross-port attack

service enumeration

http requests

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

Affected configurations

Nvd

Node

zohocorpmanageengine_desktop_centralMatch9.1.0

VendorProductVersionCPE
zohocorpmanageengine_desktop_central9.1.0cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zohocorp	manageengine_desktop_central	9.1.0	cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0:::::::*

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for NVD:CVE-2023-4769

prion1 vulnrichment1 cvelist1 cve1