CVE-2019-14693

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

8.1HIGH

EPSS

0.8%

top 25.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Assetexplorer

Timeline

PublishedAug 8

Latest updateMay 24

Description

Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:HExploitability: 3.1 | Impact: 4.7

Affected Packages1 packages

▶NVDzohocorp/manageengine_assetexplorer6.2.0

🔴Vulnerability Details

GHSA

GHSA-f3vc-r644-7vfr: Zoho ManageEngine AssetExplorer 6↗2022-05-24

▶

CVEList

CVE-2019-14693: Zoho ManageEngine AssetExplorer 6↗2019-08-08

▶