CVE-2022-43473

5.8MEDIUM

Key Information:

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 30 March 2023

Summary

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Affected Version(s)

OpManager 12.6.168

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.manageengine.com/itom/advisory/cve-2022-43473...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2023
Vulnerability Reserved
Dec 5, 2022

Collectors

NVD DatabaseMitre Database