CVE-2023-28340

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
6.5MEDIUM
EPSS
7.7%
top 8.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Applications Manager
Timeline
PublishedApr 11

Description

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

Patches

Patch: www.manageengine.comPatch: www.manageengine.com

🔴Vulnerability Details

2
CVEList
CVE-2023-28340: Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack2023-04-11
GHSA
GHSA-253c-2jpf-7jp9: Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack2023-04-11
CVE-2023-28340 (MEDIUM CVSS 6.5) | Zoho ManageEngine Applications Mana | cvebase.io