A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors Products
Zohocorp
  • Manageengine Opmanager Plus
  • Manageengine Opmanager Msp
  • Manageengine Opmanager

Configuration 1 [-]

OR cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126004:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126005:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126109:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126118:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126120:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126121:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126130:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126131:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126132:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126134:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126135:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126136:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126147:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126148:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126149:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126150:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126151:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126162:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126163:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126164:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126165:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126166:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126167:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126168:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126140:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126264:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126002:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126119:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126122:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126139:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126140:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126141:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126154:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126155:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126264:*:*:*:*:*:*
References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685 Exploit Third Party Advisory
https://www.manageengine.com/itom/advisory/cve-2022-43473.html Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: talos

Published: 2023-03-30T16:28:35.983Z

Updated: 2023-03-30T16:28:35.983Z

Reserved: 2022-12-05T20:53:36.058Z

Link: CVE-2022-43473

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-03-30T17:15:06.750

Modified: 2023-11-07T03:53:49.523

Link: CVE-2022-43473

JSON object: View

cve-icon Redhat Information

No data.

CWE