Lucene search

[email protected]CVE-2023-22624

HistoryJan 17, 2023 - 8:15 p.m.

CVE-2023-22624

2023-01-1720:15:11

CWE-611

[email protected]

web.nvd.nist.gov

cve-2023-22624

zoho manageengine

exchange reporter plus

5708

xxe

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.

Affected configurations

NVD

Node

zohocorpmanageengine_exchange_reporter_plusRange<5.7

zohocorpmanageengine_exchange_reporter_plusMatch5.75700

zohocorpmanageengine_exchange_reporter_plusMatch5.75701

zohocorpmanageengine_exchange_reporter_plusMatch5.75702

zohocorpmanageengine_exchange_reporter_plusMatch5.75703

zohocorpmanageengine_exchange_reporter_plusMatch5.75704

zohocorpmanageengine_exchange_reporter_plusMatch5.75705

zohocorpmanageengine_exchange_reporter_plusMatch5.75706

zohocorpmanageengine_exchange_reporter_plusMatch5.75707

CPENameOperatorVersion
zohocorp:manageengine_exchange_reporter_pluszohocorp manageengine exchange reporter pluslt5.7

CPE	Name	Operator	Version
zohocorp:manageengine_exchange_reporter_plus	zohocorp manageengine exchange reporter plus	lt	5.7

References

www.manageengine.com/products/exchange-reports/advisory/CVE-2023-22624.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2023-22624

cvelist1 prion1 nvd1