Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.11 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS6.7AI score0.19807EPSS
Exploits1References1
Circl
Circl
added 2023/03/30 8:35 p.m.6 views

CVE-2022-43473

creationtimestamp| type| source ---|---|--- 2023-03-30 20:35:56+00:00| seen| https://t.me/cibsecurity/61187...

5.8CVSS5.5AI score0.19807EPSS
Exploits1References1
Talos Blog
Talos Blog
added 2023/03/30 7:0 p.m.25 views

Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity XXE attack. OpManager is network monitoring software that allows users to track and manage the performance of...

5.3AI score0.19807EPSS
Exploits1
NVD
NVD
added 2023/03/30 5:15 p.m.20 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.5AI score0.19807EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/03/30 4:28 p.m.8 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.5AI score0.19807EPSS
Exploits1References2
CVE
CVE
added 2023/03/30 4:28 p.m.65 views

CVE-2022-43473

OpManager 12.6.168 isAffected by a blind XXE in Add UCS Device, enabling SSRF via attacker-supplied XML. The vulnerable path is in the UCS discovery flow (POST /client/api/json/discovery/addDevice) where backend requests data to a crafted backend URL and XML is parsed by DocumentBuilder, allowing...

5.8CVSS5.3AI score0.19807EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder