CVE-2023-29505

CWE-3463 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 38.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Network Configuration Manager
Timeline
PublishedAug 4

Description

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-f49c-c736-9g2j: An issue was discovered in Zoho ManageEngine Network Configuration Manager 122023-08-04
CVEList
CVE-2023-29505: An issue was discovered in Zoho ManageEngine Network Configuration Manager 122023-08-04
CVE-2023-29505 (HIGH CVSS 8.8) | An issue was discovered in Zoho Man | cvebase.io