Server-Side Request Forgery in ManageEngine Desktop Central
CVE-2023-4769

8.8HIGH

Key Information:

Vendor: ManageEngine
Status: Desktop Central
Vendor: CVE Published:; 3 November 2023

🔔 Create ManageEngine Vulnerability Alert

What is CVE-2023-4769?

An SSRF vulnerability has been identified in ManageEngine Desktop Central, particularly in the /smtpConfig.do component. This flaw may allow authenticated attackers to conduct targeted attacks, including cross-port exploitation and service enumeration, by crafting malicious HTTP requests. Attackers can leverage this vulnerability to gain unauthorized access to internal services or execute other disruptive maneuvers within the network environment.

Affected Version(s)

Desktop Central 9.1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2023
Vulnerability Reserved
Sep 5, 2023

Credit

Rafael Pedrero