CVE-2022-43473

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Published: Mar 30, 2023
Updated: Nov 8, 2023
CVE: CVE-2022-43473
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_opmanager	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_opmanager	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_opmanager	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_opmanager	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_opmanager	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_opmanager	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager	12.6-build126118	12.6-build126118.x
zohocorp / manageengine_opmanager	12.6-build126119	12.6-build126119.x
zohocorp / manageengine_opmanager	12.6-build126104	12.6-build126104.x
zohocorp / manageengine_opmanager	12.6-build126002	12.6-build126002.x
zohocorp / manageengine_opmanager	12.6-build126168	12.6-build126168.x
zohocorp / manageengine_opmanager	12.6-build126167	12.6-build126167.x
zohocorp / manageengine_opmanager	12.6-build126166	12.6-build126166.x
zohocorp / manageengine_opmanager	12.6-build126165	12.6-build126165.x
zohocorp / manageengine_opmanager	12.6-build126164	12.6-build126164.x
zohocorp / manageengine_opmanager	12.6-build126163	12.6-build126163.x
zohocorp / manageengine_opmanager	12.6-build126162	12.6-build126162.x
zohocorp / manageengine_opmanager	12.6-build126155	12.6-build126155.x
zohocorp / manageengine_opmanager	12.6-build126154	12.6-build126154.x
zohocorp / manageengine_opmanager	12.6-build126151	12.6-build126151.x
zohocorp / manageengine_opmanager	12.6-build126150	12.6-build126150.x
zohocorp / manageengine_opmanager	12.6-build126149	12.6-build126149.x
zohocorp / manageengine_opmanager	12.6-build126148	12.6-build126148.x
zohocorp / manageengine_opmanager	12.6-build126147	12.6-build126147.x
zohocorp / manageengine_opmanager	12.6-build126141	12.6-build126141.x
zohocorp / manageengine_opmanager	12.6-build126136	12.6-build126136.x
zohocorp / manageengine_opmanager	12.6-build126135	12.6-build126135.x
zohocorp / manageengine_opmanager	12.6-build126134	12.6-build126134.x
zohocorp / manageengine_opmanager	12.6-build126132	12.6-build126132.x
zohocorp / manageengine_opmanager	12.6-build126131	12.6-build126131.x
zohocorp / manageengine_opmanager	12.6-build126130	12.6-build126130.x
zohocorp / manageengine_opmanager	12.6-build126121	12.6-build126121.x
zohocorp / manageengine_opmanager	12.6-build126120	12.6-build126120.x
zohocorp / manageengine_opmanager	12.6-build126110	12.6-build126110.x
zohocorp / manageengine_opmanager	12.6-build126109	12.6-build126109.x
zohocorp / manageengine_opmanager	12.6-build126108	12.6-build126108.x
zohocorp / manageengine_opmanager	12.6-build126005	12.6-build126005.x
zohocorp / manageengine_opmanager	12.6-build126004	12.6-build126004.x
zohocorp / manageengine_opmanager	12.6-build126139	12.6-build126139.x
zohocorp / manageengine_opmanager	12.6-build126107	12.6-build126107.x
zohocorp / manageengine_opmanager	12.6-build126122	12.6-build126122.x
zohocorp / manageengine_opmanager	-	12.6
zohocorp / manageengine_opmanager_plus	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager_plus	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager_plus	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager_plus	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager_plus	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager_plus	12.6-build126002	12.6-build126002.x
zohocorp / manageengine_opmanager_plus	12.6-build126104	12.6-build126104.x
zohocorp / manageengine_opmanager_plus	12.6-build126119	12.6-build126119.x
zohocorp / manageengine_opmanager_plus	-	12.6
zohocorp / manageengine_opmanager_plus	12.6-build126107	12.6-build126107.x
zohocorp / manageengine_opmanager_plus	12.6-build126122	12.6-build126122.x
zohocorp / manageengine_opmanager_plus	12.6-build126139	12.6-build126139.x
zohocorp / manageengine_opmanager_plus	12.6-build126140	12.6-build126140.x
zohocorp / manageengine_opmanager_plus	12.6-build126141	12.6-build126141.x
zohocorp / manageengine_opmanager_plus	12.6-build126154	12.6-build126154.x
zohocorp / manageengine_opmanager_plus	12.6-build126155	12.6-build126155.x
zohocorp / manageengine_opmanager_plus	12.6-build126264	12.6-build126264.x
zohocorp / manageengine_opmanager_msp	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager_msp	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager_msp	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager_msp	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager_msp	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager_msp	12.6-build126002	12.6-build126002.x
zohocorp / manageengine_opmanager_msp	12.6-build126104	12.6-build126104.x
zohocorp / manageengine_opmanager_msp	12.6-build126119	12.6-build126119.x
zohocorp / manageengine_opmanager_msp	12.6-build126264	12.6-build126264.x
zohocorp / manageengine_opmanager_msp	12.6-build126155	12.6-build126155.x
zohocorp / manageengine_opmanager_msp	12.6-build126154	12.6-build126154.x
zohocorp / manageengine_opmanager_msp	12.6-build126141	12.6-build126141.x
zohocorp / manageengine_opmanager_msp	12.6-build126140	12.6-build126140.x
zohocorp / manageengine_opmanager_msp	12.6-build126139	12.6-build126139.x
zohocorp / manageengine_opmanager_msp	12.6-build126122	12.6-build126122.x
zohocorp / manageengine_opmanager_msp	12.6-build126107	12.6-build126107.x
zohocorp / manageengine_opmanager_msp	-	12.6

Vulnerability Database

289,782

CVE-2022-43473