CVE-2023-48646

Опубликовано: 22 нояб. 2023

Источник: nvd

CVSS3: 7.2

EPSS Средний

Описание

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

Ссылки

https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html
Vendor Advisory
https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*

Версия до 6.0 (исключая)

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.62621

Средний

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-grg4-qr9m-4rf3

CVSS3: 7.2

github

около 2 лет назад

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

BDU:2023-08614

CVSS3: 7.2

fstec

около 2 лет назад

Уязвимость программного обеспечения для резервного копирования Zoho ManageEngine RecoveryManager Plus, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 98%

0.62621

Средний

7.2 High

CVSS3

Дефекты

NVD-CWE-noinfo