4.9
CVE-2023-29443
- EPSS 0.5%
- Published 26.04.2023 21:15:08
- Last modified 03.02.2025 20:15:31
- Source cve@mitre.org
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
Data provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6980
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6981
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6982
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6983
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6984
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6985
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6986
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6987
Zohocorp ≫ Manageengine Assetexplorer Version 6.9 Update 6988
Zohocorp ≫ Manageengine Servicedesk Plus Version < 14.1
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update -
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update 14100
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update 14101
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update 14102
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update 14103
Zohocorp ≫ Manageengine Servicedesk Plus Version 14.1 Update 14104
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version < 14.0
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version 14.0 Update 14000
Zohocorp ≫ Manageengine Servicedesk Plus Msp Version 14.0 Update 14001
Zohocorp ≫ Manageengine Supportcenter Plus Version < 14.0
Zohocorp ≫ Manageengine Supportcenter Plus Version 14.0 Update 14000
Zohocorp ≫ Manageengine Supportcenter Plus Version 14.0 Update 14001
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.5% | 0.649 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.