CVE-2023-29443

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-29443
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

4.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.manageengine.com/products/service-desk/CVE-2023-29443.html Vendor Advisory
https://www.manageengine.com/products/service-desk/CVE-2023-29443.html Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6983:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6984:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6985:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6986:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6987:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6988:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.1:14104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:14.0:14001:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14000:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:14.0:14001:*:*:*:*:*:*
History

21 Nov 2024, 07:57

Type Values Removed Values Added
References () https://www.manageengine.com/products/service-desk/CVE-2023-29443.html - Vendor Advisory () https://www.manageengine.com/products/service-desk/CVE-2023-29443.html - Vendor Advisory
Information

Published : 2023-04-26 21:15

Updated : 2025-02-03 20:15

NVD link : CVE-2023-29443

Mitre link : CVE-2023-29443

CVE.ORG link : CVE-2023-29443

JSON object : View

Products Affected

zohocorp

  • manageengine_supportcenter_plus
  • manageengine_assetexplorer
  • manageengine_servicedesk_plus
  • manageengine_servicedesk_plus_msp
CWE
CWE-611

Improper Restriction of XML External Entity Reference