CVE-2022-43473
published 2023-03-30

Priority: P3 (39)
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 19.81% (97.1th percentile)

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Affected

7 ranges
Vendor        Product                      Version range  Fixed in
manageengine  opmanager
zohocorp      manageengine_opmanager       < 12.6         12.6
zohocorp      manageengine_opmanager
zohocorp      manageengine_opmanager_msp   < 12.6         12.6
zohocorp      manageengine_opmanager_msp
zohocorp      manageengine_opmanager_plus  < 12.6         12.6
zohocorp      manageengine_opmanager_plus