CVE-2022-43473

5.8MEDIUM

Key Information

Vendor: Manageengine
Status: Opmanager
Vendor: CVE Published:; 30 March 2023

Summary

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Affected Version(s)

OpManager = 12.6.168

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 5.4 to: 5.8 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Mar 30, 2023
Vulnerability Reserved.
Dec 5, 2022

Collectors

NVD DatabaseMitre Database