Vulnerability Details CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve
a malicious XML payload to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.024
EPSS Ranking 84.1%
CVSS Severity
CVSS v3 Score 5.8
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685
- https://www.manageengine.com/itom/advisory/cve-2022-43473.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685
- https://www.manageengine.com/itom/advisory/cve-2022-43473.html
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685
Products affected by CVE-2022-43473
-
cpe:2.3:a:zohocorp:manageengine_opmanager:-
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.4
-
cpe:2.3:a:zohocorp:manageengine_opmanager:11.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.2
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.3
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.4
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.4.179
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager:8
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6