CVE-2022-43473

{"id": "CVE-2022-43473", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.6}]}, "published": "2023-03-30T17:15:06.750", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "tags": ["Patch", "Vendor Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve \r\na malicious XML payload to trigger this vulnerability."}], "lastModified": "2023-11-07T03:53:49.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30BF0F86-635A-4637-A5F9-9FA122845610", "versionEndExcluding": "12.6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48C09D5D-BC77-42DC-9A72-00A71F8C1A21"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14269E88-7186-4F2C-B770-964D0AD7D414"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31498701-6732-40E4-8F3D-55EE8A77D61B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B740E757-147B-4DEB-89C5-59EB9FFBD6BA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE1CA16B-558F-426A-B87B-23D47681F1AE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C46D091F-095F-4F1D-8D16-1021E15BC963"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AE780F5-EF56-45F3-A5E7-805A24C04A97"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "212A00BA-ED01-45F3-9E9C-9E6B75B82CDD"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFA159F-0293-4E44-BB20-173021991107"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126104:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "356504E5-BE0A-4F54-8713-AC9EA29D189C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126107:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBDA89CD-3D30-488F-9EE6-92E84507B95D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126108:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A535E330-A6ED-4E51-A3C0-5A6D04B024C4"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126109:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A231F874-62DD-4BAC-B115-CD6D61F23873"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126110:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6C0DE1-8B37-496C-90AF-38C0B189150E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27D49B1C-1140-4CA7-B10A-9B59ACE69208"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1979F66B-749E-41F8-9CBD-E4AD4483B500"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC5A1967-8D4F-4090-A2BA-5FFCEAA2EFFF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50D85F0C-201C-44D3-92C7-261095B4B03E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36B6C5A9-FC13-4AB0-BE8B-9DFA8FDB0C57"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126118:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B621572C-448C-43C4-AF8E-EEBCFADF3630"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126119:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAAF3692-3979-494B-831A-D8BFE127A6C6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126120:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE7B18B3-87AD-4960-8FBE-D90BE5FF6776"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126121:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79F88190-237F-4D39-B70E-FC0CBCE65DE3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C6640CC-4BF7-4D7E-A128-0F36CC0DD3DC"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126130:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA2D7B9C-AE06-4A1C-8C88-FDAD9AADF73B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126131:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "014DEAE0-EB0F-43BB-A922-5ED346E774A5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126132:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D63BDBE-E10F-4E57-8F26-C6D31A6CAB4C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126134:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "614916D2-74A2-45F5-BF8D-E0FD8F0000B0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126135:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0C9C18E-C143-46AF-8126-FB0A71E4E4CA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126136:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B93668B-4988-424B-BB81-6A18355F8624"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126139:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56EB1279-627C-43E1-80D7-A09BF047757E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126141:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F06D655C-29AC-4FDB-B22F-148743C469F2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126147:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2790B5B-F0F4-4B3B-8747-34685D988024"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126148:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD572C9F-3B99-4A1D-AC18-AF7163F06FA2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126149:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA0872FB-4491-45BA-9429-BEBDB7AA4B49"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126150:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1940E42F-0F5D-4262-888F-FD23830E73ED"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126151:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3251E9C-8E78-464F-991C-3966B3E2E36D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126154:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6428F23E-AFC0-47F8-9059-655D2FF5AF11"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126155:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33577344-B3FC-4E14-8C76-C5A542FF5598"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126162:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BECCAD7-9F39-4849-8327-96BA17414418"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126163:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B4472BF-9646-4575-A440-8A11B7C5C090"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126164:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89A06D36-31CE-43DD-9E55-EFC78FA1D252"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126165:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17154C40-0DBC-405F-B68E-76672F28A700"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126166:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAC1EB6D-CEA0-4B98-B988-448FB844B488"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126167:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ECC8CA3-28B8-48BC-944E-0F9503382C5E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126168:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F2863D4-D448-4843-9B99-1442A0A3C2FA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA7ACDA3-D9A0-4C03-B42A-5DE2517DCB65", "versionEndExcluding": "12.6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB7DAAA8-6A7B-41EF-8783-7EFDEE747332"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87907DDD-12AF-435A-A005-893FED115AAE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA101FBC-D697-4A7E-B539-79097228B735"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CC9EF3C-6768-4976-94C8-3FBEE6093ECF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126104:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "362871E6-BF7C-46D4-8EFE-C87E96C71799"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126107:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B352D823-74D2-401A-97A2-8B2A6391545F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5934D8A-C10F-47BC-BB73-45B8CB71C686"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59E334B0-6BF6-4674-9D9D-7E9C988BAB57"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126119:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E866F2AE-FB51-4270-A673-B1299C7CD2F4"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "823014A6-D8F5-430C-A813-373292450006"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126139:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E755C6A6-14DA-4AA5-A549-366E4E64F9F5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126140:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7009FB6-8594-4115-BD9B-CC50CE186E30"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126141:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F495163-C813-4CE5-95AE-EAA700AD05DB"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126154:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4136C288-60F2-455B-8A6B-C602294AFADF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126155:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6037DF2D-1B68-45B6-A72C-C0AE37E2F29A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126264:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE8929C-4D00-4DCB-8605-82B86AC9CBDD"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F74946AD-F68D-474A-8634-DB6CEF999302", "versionEndExcluding": "12.6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B15B6E60-9DF9-4524-8387-8CF0B2B6D0F5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB00990-C73C-4B46-B87D-80E3B5B39302"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06AEE3B8-3A71-466D-880F-B39E6E4D9899"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7E2FFFB-975D-4FFF-A54E-01336B2687BF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126104:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34A43740-26B4-4D73-BC53-7D14529BA78B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126107:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "037A9312-321F-4A22-B17E-83B6A2BA9BB9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C1FB9D8-1DA7-486C-9418-9C00F4D184D5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F78374E4-E4AF-4E77-9AE6-BEC58DCAB6AE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126119:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8912068D-3412-47E5-A790-0CDB29E05F20"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39C96D52-9AD6-42B8-AE99-3F6C1D520DF7"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126139:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BED90D90-615E-4E7B-9C02-CBE942589BF6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126140:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30957BC1-C180-405E-A4D4-818F67819C1C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126141:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD11A46A-8C7C-4AC0-B353-34C149AF4951"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126154:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B598B209-B85F-4968-8C49-B52B9D1D2BB4"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126155:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AB5E114-0705-41D3-8C40-D0F583180E5F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126264:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840B07B8-E0BE-4D34-B511-B7C593AFDDD5"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}