exploitDog

CVE-2023-4769

Опубликовано: 03 нояб. 2023

Источник: nvd

CVSS3: 6.6

CVSS3: 8.8

EPSS Низкий

Описание

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central
Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zohocorp:manageengine_desktop_central:9.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00133

Низкий

6.6 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-hmfj-v22f-3ww3

CVSS3: 6.6

github

больше 2 лет назад

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.

EPSS

Процентиль: 33%

0.00133

Низкий

6.6 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-918