2023-05-08 20:00:28 +02:00
{
"id" : "CVE-2023-29443" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-04-26T21:15:08.957" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T07:57:04.050" ,
2023-06-26 18:00:32 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-05-08 20:00:28 +02:00
"descriptions" : [
{
"lang" : "en" ,
2023-06-26 18:00:32 +00:00
"value" : "Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint."
2023-05-08 20:00:28 +02:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.9 ,
"baseSeverity" : "MEDIUM" ,
2023-05-08 20:00:28 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-05-08 20:00:28 +02:00
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 3.6
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-611"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*" ,
"matchCriteriaId" : "C9AAC638-1379-4F87-9BA3-07CE16CAB98A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*" ,
"matchCriteriaId" : "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*" ,
"matchCriteriaId" : "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*" ,
"matchCriteriaId" : "03A34ED3-EC89-4BE3-8A99-A5727A154672"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*" ,
"matchCriteriaId" : "4E84EF2B-37A5-4499-8C16-877E8AB8A731"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*" ,
"matchCriteriaId" : "1FDA22C3-8F1E-45C9-BC8D-C3A49EFA348C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*" ,
"matchCriteriaId" : "DDA5504A-8BD9-4C0D-AD5A-4CB188A99563"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*" ,
"matchCriteriaId" : "2E4E1A50-A366-4D5E-9DDB-B33D1D1770E7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*" ,
"matchCriteriaId" : "356CA7C7-993F-4D5D-9FAB-9E5475878D53"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "14.1" ,
"matchCriteriaId" : "0F8049D8-8FE3-43CA-9568-AEA659776436"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "5CDE81A3-95A1-42FC-A526-5F343E73ABD2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*" ,
"matchCriteriaId" : "0575CC86-9321-4502-83C0-348DCE175EEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*" ,
"matchCriteriaId" : "D1B60D55-DE84-4BE8-A42D-98D133D3D228"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*" ,
"matchCriteriaId" : "B79CA06A-17DE-429A-A3C9-4FC28E907318"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*" ,
"matchCriteriaId" : "19C86206-29CB-4ABA-8979-19DF52B8CC1A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14104:*:*:*:*:*:*" ,
"matchCriteriaId" : "7C7ACCBA-56DC-4159-A26C-6D8007B3AC23"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "14.0" ,
"matchCriteriaId" : "E427ED35-3804-4448-BADE-6DD1E80D093F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*" ,
"matchCriteriaId" : "6E368AC5-E3A5-44CE-8B6E-2454493764E4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14001:*:*:*:*:*:*" ,
"matchCriteriaId" : "B265CA09-4FDD-41BD-A5E8-1A4666FBDE62"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "14.0" ,
"matchCriteriaId" : "5563D0F3-ACFD-4F79-8428-12EF982E0F5F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*" ,
"matchCriteriaId" : "B46588F2-4258-44C7-BCBE-40975D4CE27D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14001:*:*:*:*:*:*" ,
"matchCriteriaId" : "8FA49D56-60A0-462B-86D2-61391E8FAA47"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://www.manageengine.com/products/service-desk/CVE-2023-29443.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-05-08 20:00:28 +02:00
}
]
}
