Blind XML External Entity Vulnerability in ManageEngine OpManager
CVE-2022-43473

5.8MEDIUM

Key Information:

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 30 March 2023

Summary

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager. This flaw allows attackers to exploit the system by supplying a specially crafted XML file, leading to potential Server-Side Request Forgery (SSRF). It is crucial for users of affected versions to apply security measures to safeguard their systems against this vulnerability.

Affected Version(s)

OpManager 12.6.168

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://www.manageengine.com/itom/advisory/cve-2022-43473...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 30, 2023
Vulnerability Reserved
Dec 5, 2022