CVE-2023-4769

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.1%

top 67.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Desktop Central Zohocorp Manageengine Desktop Central

Timeline

PublishedNov 3

Description

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5manageengine/desktop_central9.1.0

▶NVDzohocorp/manageengine_desktop_central9.1.0

🔴Vulnerability Details

CVEList

Server-Side Request Forgery in ManageEngine Desktop Central↗2023-11-03

▶

GHSA

GHSA-hmfj-v22f-3ww3: A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9↗2023-11-03

▶