← Back

CVE-2022-43473

nvd nist
Published: Mar 30, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Affected (81)

Zohocorp
3 products
Manageengine Opmanager
Manageengine Opmanager Plus
Manageengine Opmanager Msp
Configuration A
47 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Opmanager
Before 12.6
Manageengine Opmanager
Version 12.6 build126000
Manageengine Opmanager
Version 12.6 build126001
Manageengine Opmanager
Version 12.6 build126002
Manageengine Opmanager
Version 12.6 build126004
Manageengine Opmanager
Version 12.6 build126005
Manageengine Opmanager
Version 12.6 build126100
Manageengine Opmanager
Version 12.6 build126101
Manageengine Opmanager
Version 12.6 build126102
Manageengine Opmanager
Version 12.6 build126103
Manageengine Opmanager
Version 12.6 build126104
Manageengine Opmanager
Version 12.6 build126107
Manageengine Opmanager
Version 12.6 build126108
Manageengine Opmanager
Version 12.6 build126109
Manageengine Opmanager
Version 12.6 build126110
Manageengine Opmanager
Version 12.6 build126113
Manageengine Opmanager
Version 12.6 build126114
Manageengine Opmanager
Version 12.6 build126115
Manageengine Opmanager
Version 12.6 build126116
Manageengine Opmanager
Version 12.6 build126117
Manageengine Opmanager
Version 12.6 build126118
Manageengine Opmanager
Version 12.6 build126119
Manageengine Opmanager
Version 12.6 build126120
Manageengine Opmanager
Version 12.6 build126121
Manageengine Opmanager
Version 12.6 build126122
Manageengine Opmanager
Version 12.6 build126130
Manageengine Opmanager
Version 12.6 build126131
Manageengine Opmanager
Version 12.6 build126132
Manageengine Opmanager
Version 12.6 build126134
Manageengine Opmanager
Version 12.6 build126135
Manageengine Opmanager
Version 12.6 build126136
Manageengine Opmanager
Version 12.6 build126139
Manageengine Opmanager
Version 12.6 build126141
Manageengine Opmanager
Version 12.6 build126147
Manageengine Opmanager
Version 12.6 build126148
Manageengine Opmanager
Version 12.6 build126149
Manageengine Opmanager
Version 12.6 build126150
Manageengine Opmanager
Version 12.6 build126151
Manageengine Opmanager
Version 12.6 build126154
Manageengine Opmanager
Version 12.6 build126155
Manageengine Opmanager
Version 12.6 build126162
Manageengine Opmanager
Version 12.6 build126163
Manageengine Opmanager
Version 12.6 build126164
Manageengine Opmanager
Version 12.6 build126165
Manageengine Opmanager
Version 12.6 build126166
Manageengine Opmanager
Version 12.6 build126167
Manageengine Opmanager
Version 12.6 build126168
Configuration B
17 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Opmanager Plus
Before 12.6
Manageengine Opmanager Plus
Version 12.6 build126001
Manageengine Opmanager Plus
Version 12.6 build126002
Manageengine Opmanager Plus
Version 12.6 build126100
Manageengine Opmanager Plus
Version 12.6 build126103
Manageengine Opmanager Plus
Version 12.6 build126104
Manageengine Opmanager Plus
Version 12.6 build126107
Manageengine Opmanager Plus
Version 12.6 build126113
Manageengine Opmanager Plus
Version 12.6 build126117
Manageengine Opmanager Plus
Version 12.6 build126119
Manageengine Opmanager Plus
Version 12.6 build126122
Manageengine Opmanager Plus
Version 12.6 build126139
Manageengine Opmanager Plus
Version 12.6 build126140
Manageengine Opmanager Plus
Version 12.6 build126141
Manageengine Opmanager Plus
Version 12.6 build126154
Manageengine Opmanager Plus
Version 12.6 build126155
Manageengine Opmanager Plus
Version 12.6 build126264
Configuration C
17 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Opmanager Msp
Before 12.6
Manageengine Opmanager Msp
Version 12.6 build126001
Manageengine Opmanager Msp
Version 12.6 build126002
Manageengine Opmanager Msp
Version 12.6 build126100
Manageengine Opmanager Msp
Version 12.6 build126103
Manageengine Opmanager Msp
Version 12.6 build126104
Manageengine Opmanager Msp
Version 12.6 build126107
Manageengine Opmanager Msp
Version 12.6 build126113
Manageengine Opmanager Msp
Version 12.6 build126117
Manageengine Opmanager Msp
Version 12.6 build126119
Manageengine Opmanager Msp
Version 12.6 build126122
Manageengine Opmanager Msp
Version 12.6 build126139
Manageengine Opmanager Msp
Version 12.6 build126140
Manageengine Opmanager Msp
Version 12.6 build126141
Manageengine Opmanager Msp
Version 12.6 build126154
Manageengine Opmanager Msp
Version 12.6 build126155
Manageengine Opmanager Msp
Version 12.6 build126264

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (5)

Source: talos-cna@cisco.com
ExploitThird Party Advisory
Source: talos-cna@cisco.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.