Lucene search

[email protected]CVE-2023-28340

HistoryApr 11, 2023 - 1:15 a.m.

CVE-2023-28340

2023-04-1101:15:07

CWE-611

[email protected]

web.nvd.nist.gov

cve-2023-28340

zoho

manageengine

applications manager

xxe

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

Affected configurations

NVD

Node

zohocorpmanageengine_applications_managerRange<16.3

zohocorpmanageengine_applications_managerMatch16.3build16300

zohocorpmanageengine_applications_managerMatch16.3build16310

zohocorpmanageengine_applications_managerMatch16.3build16320

CPENameOperatorVersion
zohocorp:manageengine_applications_managerzohocorp manageengine applications managerlt16.3

CPE	Name	Operator	Version
zohocorp:manageengine_applications_manager	zohocorp manageengine applications manager	lt	16.3

References

manageengine.com

www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for CVE-2023-28340

prion1 cvelist1 nvd1