Lucene search
K

603 matches found

Prion
Prion
added 2023/05/04 2:15 a.m.17 views

Remote code execution

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...

6.5CVSS8.9AI score0.81555EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/04 12:0 a.m.17 views

CVE-2023-31099

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers...

9.2AI score0.81555EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.4 views

PT-2023-23153 · Zoho · Zoho Manageengine Opmanager

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine OPManager versions through 126323 Description: The issue allows an authenticated user to achieve remote code execution via probe servers. This is related to a deserialization remote code execution RCE issue. Recommendations:...

8.8CVSS7.9AI score0.81555EPSS
Exploits0References10
CVE
CVE
added 2023/05/04 12:0 a.m.91 views

CVE-2023-31099

Zoho ManageEngine OPManager (versions up to 126323) is affected by a deserialization-based remote code execution vulnerability that can be triggered by an authenticated user via probe servers. This vulnerability allows total impact (CVE-2023-31099) with high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:...

8.8CVSS8.8AI score0.81555EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.6 views

ZOHO ManageEngine OpManager 安全漏洞

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A security vulnerability exists in ZOHO ManageEngine OpManager version 126323 that could allow an authenticated user to perform remote cod...

8.8CVSS8.7AI score0.81555EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.37 views

ManageEngine OpManager 12.6.x < 12.6.141 / 12.6.154 / 12.6.169 XML External Entity

The version of ManageEngine OpManager running on the remote web server is 12.6.x prior to 12.6.141 / 12.6.154 / 12.6.169. It is, there, affected by an XML external entity vulnerability. A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality. A specially crafted X...

5.8CVSS5.8AI score0.19807EPSS
Exploits1References2
Talos Blog
Talos Blog
added 2023/03/30 7:0 p.m.25 views

Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Cisco Talos recently discovered a vulnerability in ManageEngine OpManager that could lead to an XML external entity XXE attack. OpManager is network monitoring software that allows users to track and manage the performance of...

5.3AI score0.19807EPSS
Exploits1
OSV
OSV
added 2023/03/30 5:15 p.m.6 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.4CVSS5.8AI score0.19807EPSS
Exploits1References3
NVD
NVD
added 2023/03/30 5:15 p.m.20 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.5AI score0.19807EPSS
Exploits1References3
Prion
Prion
added 2023/03/30 5:15 p.m.21 views

Xxe

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.3AI score0.19807EPSS
Exploits1References2Affected Software3
Vulnrichment
Vulnrichment
added 2023/03/30 4:28 p.m.8 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.5AI score0.19807EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/30 4:28 p.m.29 views

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

5.8CVSS5.8AI score0.19807EPSS
Exploits1References2
CVE
CVE
added 2023/03/30 4:28 p.m.65 views

CVE-2022-43473

OpManager 12.6.168 isAffected by a blind XXE in Add UCS Device, enabling SSRF via attacker-supplied XML. The vulnerable path is in the UCS discovery flow (POST /client/api/json/discovery/addDevice) where backend requests data to a crafted backend URL and XML is parsed by DocumentBuilder, allowing...

5.8CVSS5.3AI score0.19807EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.6 views

ManageEngine OpManager 代码问题漏洞

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A code issue vulnerability exists in ManageEngine OpManager version 12.6.168, which stems from the presence of an XML External Entity XXE ...

5.8CVSS5.7AI score0.19807EPSS
Exploits1References4
Talos
Talos
added 2023/03/30 12:0 a.m.37 views

ManageEngine OpManager Add UCS Device blind XXE vulnerability

Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...

5.8CVSS5.5AI score0.19807EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.7 views

The vulnerability of the implementation of the IPv6 protocol in software for network monitoring tools such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer allows a attacker to execute arbitrary code.

The vulnerability of the IPv6 protocol implementation in software for network monitoring tools such as OpManager, OpManager MSP, OpManager Plus, Network Configuration Manager, OpUtils, and the network traffic analyzer NetFlow Analyzer is related to insufficient validation of input data during...

9CVSS7.6AI score0.78326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.9 views

PT-2022-6690 · Zoho · Manageengine Opmanager

Name of the Vulnerable Software and Affected Versions: ManageEngine OpManager version 12.6.168 Description: A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality. This issue is related to incorrect restriction of XML links to external objects. Exploitation of th...

5.8CVSS5.3AI score0.19807EPSS
Exploits1References8
Check Point Advisories
Check Point Advisories
added 2022/11/17 12:0 a.m.11 views

Zoho ManageEngine SQL Injection (CVE-2021-41288)

A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getReportData method...

7.5CVSS1.8AI score0.79553EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2022/11/17 12:0 a.m.16 views

Zoho ManageEngine SQL Injection (CVE-2021-40493)

A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...

7.5CVSS1.5AI score0.50209EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/11/04 12:0 a.m.32 views

ManageEngine OpManager SQLi (CVE-2022-27908)

The version of ManageEngine OpManager running on the remote web server is affected by an SQL injection SQLi vulnerability in the Inventory Reports module. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

8.8CVSS8.2AI score0.37719EPSS
Exploits0References2
Rows per page
Query Builder