CVE-2023-35786

nvd nist

Published: Jul 5, 2023Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files.

Affected (36)

Products: Zohocorp: Manageengine Admanager Plus

Zohocorp

1 product

Manageengine Admanager Plus

Configuration A

36 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Admanager Plus	Before 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1 7100
Zohocorp Manageengine Admanager Plus	Version 7.1 7101
Zohocorp Manageengine Admanager Plus	Version 7.1 7102
Zohocorp Manageengine Admanager Plus	Version 7.1 7110
Zohocorp Manageengine Admanager Plus	Version 7.1 7111
Zohocorp Manageengine Admanager Plus	Version 7.1 7112
Zohocorp Manageengine Admanager Plus	Version 7.1 7113
Zohocorp Manageengine Admanager Plus	Version 7.1 7114
Zohocorp Manageengine Admanager Plus	Version 7.1 7115
Zohocorp Manageengine Admanager Plus	Version 7.1 7116
Zohocorp Manageengine Admanager Plus	Version 7.1 7117
Zohocorp Manageengine Admanager Plus	Version 7.1 7118
Zohocorp Manageengine Admanager Plus	Version 7.1 7120
Zohocorp Manageengine Admanager Plus	Version 7.1 7121
Zohocorp Manageengine Admanager Plus	Version 7.1 7122
Zohocorp Manageengine Admanager Plus	Version 7.1 7123
Zohocorp Manageengine Admanager Plus	Version 7.1 7124
Zohocorp Manageengine Admanager Plus	Version 7.1 7125
Zohocorp Manageengine Admanager Plus	Version 7.1 7126
Zohocorp Manageengine Admanager Plus	Version 7.1 7130
Zohocorp Manageengine Admanager Plus	Version 7.1 7131
Zohocorp Manageengine Admanager Plus	Version 7.1 7140
Zohocorp Manageengine Admanager Plus	Version 7.1 7141
Zohocorp Manageengine Admanager Plus	Version 7.1 7150
Zohocorp Manageengine Admanager Plus	Version 7.1 7151
Zohocorp Manageengine Admanager Plus	Version 7.1 7160
Zohocorp Manageengine Admanager Plus	Version 7.1 7161
Zohocorp Manageengine Admanager Plus	Version 7.1 7162
Zohocorp Manageengine Admanager Plus	Version 7.1 7163
Zohocorp Manageengine Admanager Plus	Version 7.1 7170
Zohocorp Manageengine Admanager Plus	Version 7.1 7171
Zohocorp Manageengine Admanager Plus	Version 7.1 7180
Zohocorp Manageengine Admanager Plus	Version 7.1 7181
Zohocorp Manageengine Admanager Plus	Version 7.1 7182

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.