CVE-2023-35786 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
zohocorp	manageengine_admanager_plus	𝑥 < 7.1
zohocorp	manageengine_admanager_plus	7.1
zohocorp	manageengine_admanager_plus	7.1:7100
zohocorp	manageengine_admanager_plus	7.1:7101
zohocorp	manageengine_admanager_plus	7.1:7102
zohocorp	manageengine_admanager_plus	7.1:7110
zohocorp	manageengine_admanager_plus	7.1:7111
zohocorp	manageengine_admanager_plus	7.1:7112
zohocorp	manageengine_admanager_plus	7.1:7113
zohocorp	manageengine_admanager_plus	7.1:7114
zohocorp	manageengine_admanager_plus	7.1:7115
zohocorp	manageengine_admanager_plus	7.1:7116
zohocorp	manageengine_admanager_plus	7.1:7117
zohocorp	manageengine_admanager_plus	7.1:7118
zohocorp	manageengine_admanager_plus	7.1:7120
zohocorp	manageengine_admanager_plus	7.1:7121
zohocorp	manageengine_admanager_plus	7.1:7122
zohocorp	manageengine_admanager_plus	7.1:7123
zohocorp	manageengine_admanager_plus	7.1:7124
zohocorp	manageengine_admanager_plus	7.1:7125
zohocorp	manageengine_admanager_plus	7.1:7126
zohocorp	manageengine_admanager_plus	7.1:7130
zohocorp	manageengine_admanager_plus	7.1:7131
zohocorp	manageengine_admanager_plus	7.1:7140
zohocorp	manageengine_admanager_plus	7.1:7141
zohocorp	manageengine_admanager_plus	7.1:7150
zohocorp	manageengine_admanager_plus	7.1:7151
zohocorp	manageengine_admanager_plus	7.1:7160
zohocorp	manageengine_admanager_plus	7.1:7161
zohocorp	manageengine_admanager_plus	7.1:7162
zohocorp	manageengine_admanager_plus	7.1:7163
zohocorp	manageengine_admanager_plus	7.1:7170
zohocorp	manageengine_admanager_plus	7.1:7171
zohocorp	manageengine_admanager_plus	7.1:7180
zohocorp	manageengine_admanager_plus	7.1:7181
zohocorp	manageengine_admanager_plus	7.1:7182

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-35786.html