Lucene search

[email protected]NVD:CVE-2022-43473

HistoryMar 30, 2023 - 5:15 p.m.

CVE-2022-43473

2023-03-3017:15:06

CWE-611

[email protected]

web.nvd.nist.gov

cve-2022-43473

xml

ssrf

vulnerability

manageengine opmanager

xxe

add ucs device

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve
a malicious XML payload to trigger this vulnerability.

Affected configurations

NVD

Node

zohocorpmanageengine_opmanagerRange<12.6

zohocorpmanageengine_opmanagerMatch12.6build126000

zohocorpmanageengine_opmanagerMatch12.6build126001

zohocorpmanageengine_opmanagerMatch12.6build126002

zohocorpmanageengine_opmanagerMatch12.6build126004

zohocorpmanageengine_opmanagerMatch12.6build126005

zohocorpmanageengine_opmanagerMatch12.6build126100

zohocorpmanageengine_opmanagerMatch12.6build126101

zohocorpmanageengine_opmanagerMatch12.6build126102

zohocorpmanageengine_opmanagerMatch12.6build126103

zohocorpmanageengine_opmanagerMatch12.6build126104

zohocorpmanageengine_opmanagerMatch12.6build126107

zohocorpmanageengine_opmanagerMatch12.6build126108

zohocorpmanageengine_opmanagerMatch12.6build126109

zohocorpmanageengine_opmanagerMatch12.6build126110

zohocorpmanageengine_opmanagerMatch12.6build126113

zohocorpmanageengine_opmanagerMatch12.6build126114

zohocorpmanageengine_opmanagerMatch12.6build126115

zohocorpmanageengine_opmanagerMatch12.6build126116

zohocorpmanageengine_opmanagerMatch12.6build126117

zohocorpmanageengine_opmanagerMatch12.6build126118

zohocorpmanageengine_opmanagerMatch12.6build126119

zohocorpmanageengine_opmanagerMatch12.6build126120

zohocorpmanageengine_opmanagerMatch12.6build126121

zohocorpmanageengine_opmanagerMatch12.6build126122

zohocorpmanageengine_opmanagerMatch12.6build126130

zohocorpmanageengine_opmanagerMatch12.6build126131

zohocorpmanageengine_opmanagerMatch12.6build126132

zohocorpmanageengine_opmanagerMatch12.6build126134

zohocorpmanageengine_opmanagerMatch12.6build126135

zohocorpmanageengine_opmanagerMatch12.6build126136

zohocorpmanageengine_opmanagerMatch12.6build126139

zohocorpmanageengine_opmanagerMatch12.6build126141

zohocorpmanageengine_opmanagerMatch12.6build126147

zohocorpmanageengine_opmanagerMatch12.6build126148

zohocorpmanageengine_opmanagerMatch12.6build126149

zohocorpmanageengine_opmanagerMatch12.6build126150

zohocorpmanageengine_opmanagerMatch12.6build126151

zohocorpmanageengine_opmanagerMatch12.6build126154

zohocorpmanageengine_opmanagerMatch12.6build126155

zohocorpmanageengine_opmanagerMatch12.6build126162

zohocorpmanageengine_opmanagerMatch12.6build126163

zohocorpmanageengine_opmanagerMatch12.6build126164

zohocorpmanageengine_opmanagerMatch12.6build126165

zohocorpmanageengine_opmanagerMatch12.6build126166

zohocorpmanageengine_opmanagerMatch12.6build126167

zohocorpmanageengine_opmanagerMatch12.6build126168

Node

zohocorpmanageengine_opmanager_plusRange<12.6

zohocorpmanageengine_opmanager_plusMatch12.6build126001

zohocorpmanageengine_opmanager_plusMatch12.6build126002

zohocorpmanageengine_opmanager_plusMatch12.6build126100

zohocorpmanageengine_opmanager_plusMatch12.6build126103

zohocorpmanageengine_opmanager_plusMatch12.6build126104

zohocorpmanageengine_opmanager_plusMatch12.6build126107

zohocorpmanageengine_opmanager_plusMatch12.6build126113

zohocorpmanageengine_opmanager_plusMatch12.6build126117

zohocorpmanageengine_opmanager_plusMatch12.6build126119

zohocorpmanageengine_opmanager_plusMatch12.6build126122

zohocorpmanageengine_opmanager_plusMatch12.6build126139

zohocorpmanageengine_opmanager_plusMatch12.6build126140

zohocorpmanageengine_opmanager_plusMatch12.6build126141

zohocorpmanageengine_opmanager_plusMatch12.6build126154

zohocorpmanageengine_opmanager_plusMatch12.6build126155

zohocorpmanageengine_opmanager_plusMatch12.6build126264

Node

zohocorpmanageengine_opmanager_mspRange<12.6

zohocorpmanageengine_opmanager_mspMatch12.6build126001

zohocorpmanageengine_opmanager_mspMatch12.6build126002

zohocorpmanageengine_opmanager_mspMatch12.6build126100

zohocorpmanageengine_opmanager_mspMatch12.6build126103

zohocorpmanageengine_opmanager_mspMatch12.6build126104

zohocorpmanageengine_opmanager_mspMatch12.6build126107

zohocorpmanageengine_opmanager_mspMatch12.6build126113

zohocorpmanageengine_opmanager_mspMatch12.6build126117

zohocorpmanageengine_opmanager_mspMatch12.6build126119

zohocorpmanageengine_opmanager_mspMatch12.6build126122

zohocorpmanageengine_opmanager_mspMatch12.6build126139

zohocorpmanageengine_opmanager_mspMatch12.6build126140

zohocorpmanageengine_opmanager_mspMatch12.6build126141

zohocorpmanageengine_opmanager_mspMatch12.6build126154

zohocorpmanageengine_opmanager_mspMatch12.6build126155

zohocorpmanageengine_opmanager_mspMatch12.6build126264

References

talosintelligence.com/vulnerability_reports/TALOS-2022-1685

www.manageengine.com/itom/advisory/cve-2022-43473.html

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for NVD:CVE-2022-43473

cvelist1 nessus1 prion1 cve1 talosblog1 talos1