6 matches found
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
creationtimestamp| type| source ---|---|--- 2023-03-30 20:35:56+00:00| seen| https://t.me/cibsecurity/61187...
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity XXE attack. OpManager is network monitoring software that allows users to track and manage the performance of...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
CVE-2022-43473
OpManager 12.6.168 isAffected by a blind XXE in Add UCS Device, enabling SSRF via attacker-supplied XML. The vulnerable path is in the UCS discovery flow (POST /client/api/json/discovery/addDevice) where backend requests data to a crafted backend URL and XML is parsed by DocumentBuilder, allowing...