Lucene search

INCIBECVELIST:CVE-2023-4769

HistoryNov 03, 2023 - 10:55 a.m.

CVE-2023-4769 Server-Side Request Forgery in ManageEngine Desktop Central

2023-11-0310:55:13

CWE-918

INCIBE

www.cve.org

ssrf

manageengine desktop central

version 9.1.0

http requests

targeted attacks

authenticated attacker

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Desktop Central",
    "vendor": "ManageEngine",
    "versions": [
      {
        "status": "affected",
        "version": "9.1.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.004

Percentile

73.7%

JSON

Related for CVELIST:CVE-2023-4769