CVE-2022-43473

2023-03-3016:28:35

CWE-611

talos

www.cve.org

xxe vulnerability

manageengine opmanager

ssrf

xml file

ssrf vulnerability

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

0.006 Low

EPSS

Percentile

79.1%

JSON

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve
a malicious XML payload to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "ManageEngine",
    "product": "OpManager",
    "versions": [
      {
        "version": " 12.6.168",
        "status": "affected"
      }
    ]
  }
]