Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MANAGEENGINE_OPMANAGER_CVE-2022-43473.NASL
HistoryApr 06, 2023 - 12:00 a.m.

ManageEngine OpManager 12.6.x < 12.6.141 / 12.6.154 / 12.6.169 XML External Entity

2023-04-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
manageengine opmanager
xml vulnerability
security scanner
ssrf
xxe

0.006 Low

EPSS

Percentile

79.1%

JSON

The version of ManageEngine OpManager running on the remote web server is 12.6.x prior to 12.6.141 / 12.6.154 / 12.6.169. It is, there, affected by an XML external entity vulnerability. A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(174001);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/19");

  script_cve_id("CVE-2022-43473");
  script_xref(name:"IAVA", value:"2023-A-0171");

  script_name(english:"ManageEngine OpManager 12.6.x < 12.6.141 / 12.6.154 / 12.6.169 XML External Entity");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts an application that is affected by an XML external entity vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of ManageEngine OpManager running on the remote web server is 12.6.x prior to 12.6.141 / 12.6.154 /
12.6.169. It is, there, affected by an XML external entity vulnerability. A blind XML External Entity (XXE)
vulnerability exists in the Add UCS Device functionality. A specially crafted XML file can lead to SSRF. An
attacker can serve a malicious XML payload to trigger this vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.manageengine.com/itom/advisory/cve-2022-43473.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7dc52454");
  script_set_attribute(attribute:"solution", value:
"Upgrade ManageEngine OpManager according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-43473");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:zohocorp:manageengine_opmanager");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("manageengine_opmanager_detect.nbin");
  script_require_keys("installed_sw/ManageEngine OpManager");
  script_require_ports("Services/www", 8060);

  exit(0);
}

include('vcf.inc');
include('vcf_extras_zoho.inc');
include('http.inc');

var appname = 'ManageEngine OpManager';

var port = get_http_port(default:8060);

var app_info = vcf::zoho::fix_parse::get_app_info(app:appname, port:port, webapp:TRUE);

var constraints = [
  {'min_version':'126000', 'max_version': '126140', 'fixed_version': '126141', 'fixed_display': 'See vendor advisory'},
  {'min_version':'126142', 'max_version': '126153', 'fixed_version': '126154', 'fixed_display': 'See vendor advisory'},
  {'min_version':'126155', 'max_version': '126168', 'fixed_version': '126169', 'fixed_display': 'See vendor advisory'}
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);
VendorProductVersionCPE
zohocorpmanageengine_opmanagercpe:/a:zohocorp:manageengine_opmanager

Related

cvelist 1
prion 1
cve 1
talosblog 1
nvd 1
talos 1
cvelist
cvelist
CVE-2022-43473
2023-03-30 16:28:35
prion
prion
Xxe
2023-03-30 17:15:00
cve
cve
CVE-2022-43473
2023-03-30 17:15:06
talosblog
talosblog
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack
2023-03-30 19:00:23
nvd
nvd
CVE-2022-43473
2023-03-30 17:15:06
talos
talos
ManageEngine OpManager Add UCS Device blind XXE vulnerability
2023-03-30 00:00:00

0.006 Low

EPSS

Percentile

79.1%

JSON
Related for MANAGEENGINE_OPMANAGER_CVE-2022-43473.NASL
cvelist1prion1cve1talosblog1nvd1talos1