5 matches found
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
ManageEngine ServiceDesk Plus < 14.1 Build 14105 XXE
An XML external entity vulnerability exists in ManageEngine ServiceDesk Plus prior to 14.1 Build 14105. A threat actor with the SDAdmin role can configure a malicious server to return a response with a malformed XML using the Reports integration API, causing an XML External Entity XXE attack. Not...
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint...
CVE-2023-29443
Summary of CVE-2023-29443 from connected sources: Multiple ManageEngine products (ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, AssetExplorer) are affected by an XML External Entity (XXE) vulnerability. A privileged SDAdmin can configure a malicious server to return malformed XML vi...