exploitDog

CVE-2022-43473

Published: 30 Mar 2023
Source: nvd
CVSS3: 5.8
CVSS3: 5.4
EPSS: Low

Description

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
Versions before 12.6 (exclusive)
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126005:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126109:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126118:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126121:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126130:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126131:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126132:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126134:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126135:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126136:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126147:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126148:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126149:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126150:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126162:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126163:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126164:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126165:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126166:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126167:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126168:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*
Versions before 12.6 (exclusive)
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126140:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126264:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*
Versions before 12.6 (exclusive)
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126140:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126264:*:*:*:*:*:*

EPSS

Percentile: 81%
0.01477
Low

5.8 Medium

CVSS3

5.4 Medium

CVSS3

Weaknesses

CWE-611

Related vulnerabilities

CVSS3: 5.4
github
almost 3 years ago

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

CVSS3: 5.8
fstec
about 3 years ago

Vulnerability in the "Add UCS Device" function of the OpManager, OpManager MSP, OpManager Plus network monitoring software that allows an attacker to carry out an SSRF attack
