{ "id": "CVE-2023-48646", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T18:15:09.670", "lastModified": "2024-11-21T08:32:10.810", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings." }, { "lang": "es", "value": "Zoho ManageEngine RecoveryManager Plus anterior a 6070 permite a los usuarios administradores ejecutar comandos arbitrarios a trav\u00e9s de configuraciones de proxy." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.2, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.0", "matchCriteriaId": "658DC76D-E0FE-40FA-B966-6DA6ED531FCD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6001:*:*:*:*:*:*", "matchCriteriaId": "948993BE-7B9E-4CCB-A97F-28B46DFE52A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6003:*:*:*:*:*:*", "matchCriteriaId": "9F8D6CDF-1BD5-4457-94AA-CFCC351F55A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6005:*:*:*:*:*:*", "matchCriteriaId": "E54CE38D-C9CA-4CC1-B3BC-83F593A576D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6011:*:*:*:*:*:*", "matchCriteriaId": "4C8B3F77-7886-4F80-B75A-59063C762307" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6016:*:*:*:*:*:*", "matchCriteriaId": "ADCB6ADF-5B04-4682-B541-4BC8BB5762DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6017:*:*:*:*:*:*", "matchCriteriaId": "A708628C-31E8-4A52-AEF7-297E2DDFA0C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6020:*:*:*:*:*:*", "matchCriteriaId": "A8A01385-A493-42C0-ABBE-6A30C8594F8B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6025:*:*:*:*:*:*", "matchCriteriaId": "E7A6CA95-9572-4FCA-ADD2-A5F4D8C2216B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6026:*:*:*:*:*:*", "matchCriteriaId": "B6865936-A773-4353-8891-8269508B2180" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6030:*:*:*:*:*:*", "matchCriteriaId": "9CAD778E-8FDB-4CE2-A593-75EEA75F6361" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6031:*:*:*:*:*:*", "matchCriteriaId": "52A9BA64-A248-4490-BDA7-671D64C0B3CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6032:*:*:*:*:*:*", "matchCriteriaId": "DFF0A7E8-888B-4CBE-B799-16557244DDF3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6041:*:*:*:*:*:*", "matchCriteriaId": "8B480202-7632-4CFA-A485-DDFF1D1DB757" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6042:*:*:*:*:*:*", "matchCriteriaId": "AB9B0721-49FD-49E7-97E4-E4E3EBF64856" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6043:*:*:*:*:*:*", "matchCriteriaId": "874F5DDD-EA8D-4C1E-824A-321C52959649" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6044:*:*:*:*:*:*", "matchCriteriaId": "8CAA4713-DA95-46AC-AFA5-9D22F8819B06" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6047:*:*:*:*:*:*", "matchCriteriaId": "C9D4BB2E-D0D0-4058-88C9-3E73A793A85B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6049:*:*:*:*:*:*", "matchCriteriaId": "832AAAAF-5C34-4DDF-96A4-080002F9BC6A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6050:*:*:*:*:*:*", "matchCriteriaId": "29ED63C4-FB06-41AC-ABCD-63B3233658A8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6051:*:*:*:*:*:*", "matchCriteriaId": "6EEA1BA5-F6A7-4BE0-8E77-993FB9E5CC91" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6053:*:*:*:*:*:*", "matchCriteriaId": "2C21AC8A-8358-46BE-A0C6-7CDEF1E73904" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6054:*:*:*:*:*:*", "matchCriteriaId": "51400F37-6310-44A3-A683-068DF64D20F5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6056:*:*:*:*:*:*", "matchCriteriaId": "F3F43DBF-CD65-47D0-8CEE-D5EE8337188B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6057:*:*:*:*:*:*", "matchCriteriaId": "78CB8751-856A-41AC-904A-70FA1E15A946" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6058:*:*:*:*:*:*", "matchCriteriaId": "72B7E27E-1443-46DC-8389-FBD337E612F4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6060:*:*:*:*:*:*", "matchCriteriaId": "F9BB1077-C1F5-4368-9930-8E7424E7EB98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6061:*:*:*:*:*:*", "matchCriteriaId": "EE307CE4-574D-4FF7-BED6-5BBECF886578" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_recoverymanager_plus:6.0:build6062:*:*:*:*:*:*", "matchCriteriaId": "49E40C74-7077-4366-82A7-52B454725B3A" } ] } ] } ], "references": [ { "url": "https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }