CVE-2022-43473 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
talos	CNA	5.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Vendor	Product	Version
zohocorp	manageengine_opmanager	𝑥 < 12.6
zohocorp	manageengine_opmanager	12.6:build126000
zohocorp	manageengine_opmanager	12.6:build126001
zohocorp	manageengine_opmanager	12.6:build126002
zohocorp	manageengine_opmanager	12.6:build126004
zohocorp	manageengine_opmanager	12.6:build126005
zohocorp	manageengine_opmanager	12.6:build126100
zohocorp	manageengine_opmanager	12.6:build126101
zohocorp	manageengine_opmanager	12.6:build126102
zohocorp	manageengine_opmanager	12.6:build126103
zohocorp	manageengine_opmanager	12.6:build126104
zohocorp	manageengine_opmanager	12.6:build126107
zohocorp	manageengine_opmanager	12.6:build126108
zohocorp	manageengine_opmanager	12.6:build126109
zohocorp	manageengine_opmanager	12.6:build126110
zohocorp	manageengine_opmanager	12.6:build126113
zohocorp	manageengine_opmanager	12.6:build126114
zohocorp	manageengine_opmanager	12.6:build126115
zohocorp	manageengine_opmanager	12.6:build126116
zohocorp	manageengine_opmanager	12.6:build126117
zohocorp	manageengine_opmanager	12.6:build126118
zohocorp	manageengine_opmanager	12.6:build126119
zohocorp	manageengine_opmanager	12.6:build126120
zohocorp	manageengine_opmanager	12.6:build126121
zohocorp	manageengine_opmanager	12.6:build126122
zohocorp	manageengine_opmanager	12.6:build126130
zohocorp	manageengine_opmanager	12.6:build126131
zohocorp	manageengine_opmanager	12.6:build126132
zohocorp	manageengine_opmanager	12.6:build126134
zohocorp	manageengine_opmanager	12.6:build126135
zohocorp	manageengine_opmanager	12.6:build126136
zohocorp	manageengine_opmanager	12.6:build126139
zohocorp	manageengine_opmanager	12.6:build126141
zohocorp	manageengine_opmanager	12.6:build126147
zohocorp	manageengine_opmanager	12.6:build126148
zohocorp	manageengine_opmanager	12.6:build126149
zohocorp	manageengine_opmanager	12.6:build126150
zohocorp	manageengine_opmanager	12.6:build126151
zohocorp	manageengine_opmanager	12.6:build126154
zohocorp	manageengine_opmanager	12.6:build126155
zohocorp	manageengine_opmanager	12.6:build126162
zohocorp	manageengine_opmanager	12.6:build126163
zohocorp	manageengine_opmanager	12.6:build126164
zohocorp	manageengine_opmanager	12.6:build126165
zohocorp	manageengine_opmanager	12.6:build126166
zohocorp	manageengine_opmanager	12.6:build126167
zohocorp	manageengine_opmanager	12.6:build126168
zohocorp	manageengine_opmanager_plus	𝑥 < 12.6
zohocorp	manageengine_opmanager_plus	12.6:build126001
zohocorp	manageengine_opmanager_plus	12.6:build126002
zohocorp	manageengine_opmanager_plus	12.6:build126100
zohocorp	manageengine_opmanager_plus	12.6:build126103
zohocorp	manageengine_opmanager_plus	12.6:build126104
zohocorp	manageengine_opmanager_plus	12.6:build126107
zohocorp	manageengine_opmanager_plus	12.6:build126113
zohocorp	manageengine_opmanager_plus	12.6:build126117
zohocorp	manageengine_opmanager_plus	12.6:build126119
zohocorp	manageengine_opmanager_plus	12.6:build126122
zohocorp	manageengine_opmanager_plus	12.6:build126139
zohocorp	manageengine_opmanager_plus	12.6:build126140
zohocorp	manageengine_opmanager_plus	12.6:build126141
zohocorp	manageengine_opmanager_plus	12.6:build126154
zohocorp	manageengine_opmanager_plus	12.6:build126155
zohocorp	manageengine_opmanager_plus	12.6:build126264
zohocorp	manageengine_opmanager_msp	𝑥 < 12.6
zohocorp	manageengine_opmanager_msp	12.6:build126001
zohocorp	manageengine_opmanager_msp	12.6:build126002
zohocorp	manageengine_opmanager_msp	12.6:build126100
zohocorp	manageengine_opmanager_msp	12.6:build126103
zohocorp	manageengine_opmanager_msp	12.6:build126104
zohocorp	manageengine_opmanager_msp	12.6:build126107
zohocorp	manageengine_opmanager_msp	12.6:build126113
zohocorp	manageengine_opmanager_msp	12.6:build126117
zohocorp	manageengine_opmanager_msp	12.6:build126119
zohocorp	manageengine_opmanager_msp	12.6:build126122
zohocorp	manageengine_opmanager_msp	12.6:build126139
zohocorp	manageengine_opmanager_msp	12.6:build126140
zohocorp	manageengine_opmanager_msp	12.6:build126141
zohocorp	manageengine_opmanager_msp	12.6:build126154
zohocorp	manageengine_opmanager_msp	12.6:build126155
zohocorp	manageengine_opmanager_msp	12.6:build126264

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685

https://www.manageengine.com/itom/advisory/cve-2022-43473.html

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685

https://www.manageengine.com/itom/advisory/cve-2022-43473.html

https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685