CVE-2023-28340

Published: Apr 11, 2023Modified: Feb 10, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.2 / Impact: 5.2

Source: NVD

Description

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

Affected (4)

Products: Zohocorp: Manageengine Applications Manager

1 product

Manageengine Applications Manager

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Applications Manager	Before 16.3
Zohocorp Manageengine Applications Manager	Version 16.3 build16300
Zohocorp Manageengine Applications Manager	Version 16.3 build16310
Zohocorp Manageengine Applications Manager	Version 16.3 build16320

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://manageengine.com

Source: cve@mitre.org

Product

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html

Source: cve@mitre.org

PatchVendor Advisory

https://manageengine.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.