Lucene search

[email protected]CVE-2019-14693

HistoryAug 08, 2019 - 6:15 p.m.

CVE-2019-14693

2019-08-0818:15:10

CWE-611

[email protected]

web.nvd.nist.gov

cve-2019-14693

zoho

manageengine

assetexplorer

xml

xxe

vulnerability

nvd

information security

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Affected configurations

NVD

Node

zohocorpmanageengine_assetexplorerMatch6.2.0

CPENameOperatorVersion
zohocorp:manageengine_assetexplorerzohocorp manageengine assetexplorereq6.2.0

CPE	Name	Operator	Version
zohocorp:manageengine_assetexplorer	zohocorp manageengine assetexplorer	eq	6.2.0

References

www.excellium-services.com/cert-xlm-advisory/cve-2019-14693

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for CVE-2019-14693

nvd1 cvelist1 prion1