CVE-2022-43473

CWE-611XML External Entity (XXE)5 documents4 sources
Severity
5.4MEDIUM
EPSS
35.6%
top 2.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Zohocorp Manageengine OpmanagerZohocorp Manageengine Opmanager MSPZohocorp Manageengine Opmanager Plus+1 more
Timeline
PublishedMar 30

Description

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.7

Affected Packages4 packages

CVEListV5manageengine/opmanager 12.6.168

Patches

Patch: www.manageengine.comPatch: www.manageengine.com

🔴Vulnerability Details

2
CVEList
CVE-2022-43473: A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 122023-03-30
GHSA
GHSA-mgjg-hm5j-p2wq: A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 122023-03-30

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack2023-03-30
Talos
Vulnerability Spotlight: Vulnerability in ManageEngine OpManager could lead to XXE attack2023-03-30
CVE-2022-43473 (MEDIUM CVSS 5.4) | A blind XML External Entity (XXE) v | cvebase.io