The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows a attacker to perform an SSRF attack.

The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

CVE-2022-43473

A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...

ManageEngine OpManager 代码问题漏洞

ZOHO ManageEngine OpManager is a comprehensive network monitoring software from ZOHO. It is used to manage routers, firewalls, servers, switches and printers. A code issue vulnerability exists in ManageEngine OpManager version 12.6.168, which stems from the presence of an XML External Entity XXE ...

ManageEngine OpManager Add UCS Device blind XXE vulnerability

Talos Vulnerability Report TALOS-2022-1685 ManageEngine OpManager Add UCS Device blind XXE vulnerability March 30, 2023 CVE Number CVE-2022-43473 SUMMARY A blind XML External Entity XXE vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafte...