Apr 11, 2023 - 1:15 a.m.

CVE-2023-28340

2023-04-11 01:15:07
CWE-611
web.nvd.nist.gov
12
cve-2023-28340
zoho
manageengine
applications manager
xxe
vulnerability
nvd

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 45.4%)

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

Affected configurations

NVD
Node
zohocorp manageengine_applications_manager Range <16.3
OR
zohocorp manageengine_applications_manager Match 16.3 build16300
OR
zohocorp manageengine_applications_manager Match 16.3 build16310
OR
zohocorp manageengine_applications_manager Match 16.3 build16320
