← voltar
CVE-2022-43473

CVE-2022-43473

CVSS 5.8 MEDIUMEPSS 19.8%CWE-611
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Produtos afetados
ManageEngine · OpManager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685https://www.manageengine.com/itom/advisory/cve-2022-43473.htmlhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685