XXE Vulnerability in Zoho ManageEngine Applications Manager
CVE-2023-28340

6.5MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Applications Manager
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-28340?

The Zoho ManageEngine Applications Manager through version 16320 is susceptible to an XML External Entity (XXE) attack that allows an authenticated admin user to manipulate XML input leading to potentially unauthorized access to sensitive data. This vulnerability can be exploited to read local files or conduct other harmful activities, posing a significant risk to the integrity and confidentiality of the system. Organizations using this version of the software are advised to apply necessary security updates to mitigate the risks.

References

https://manageengine.com

https://www.manageengine.com/products/applications_manage...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 14, 2023

Zohocorp

What is CVE-2023-28340?

References

CVSS V3.1

Timeline