CVE-2022-43473

CVSS V2 None CVSS V3 None
Description
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
Overview
  • CVE ID
  • CVE-2022-43473
  • Assigner
  • talos-cna@cisco.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-30T17:15:06
  • Last Modified Date
  • 2023-04-05T14:25:55
Weakness Enumerations
CWE URL
CWE-611 http://cwe.mitre.org/data/definitions/611.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* 1 OR 12.6
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126002:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126004:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126005:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126104:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126107:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126108:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126109:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126110:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126118:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126119:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126120:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126121:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126122:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126130:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126131:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126132:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126134:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126135:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126136:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126139:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126141:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126147:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126148:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126149:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126150:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126151:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126154:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126155:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126162:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126163:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126164:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126165:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126166:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126167:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126168:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:* 1 OR 12.6
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126002:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126104:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126107:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126119:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126122:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126139:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126140:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126141:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126154:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126155:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126264:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:* 1 OR 12.6
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126002:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126104:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126107:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126119:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126122:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126139:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126140:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126141:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126154:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126155:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126264:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685 Exploit Third Party Advisory
https://www.manageengine.com/itom/advisory/cve-2022-43473.html Patch Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-43473
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43473
History
Created Old Value New Value Data Type Notes
2023-04-17 03:55:14 Added to TrackCVE
2023-04-17 03:55:17 Weakness Enumeration new