{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43473", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2022-12-05T20:53:36.058Z", "datePublished": "2023-03-30T16:28:35.983Z", "dateUpdated": "2025-02-11T19:14:03.416Z"}, "containers": {"cna": {"affected": [{"vendor": "ManageEngine", "product": "OpManager", "versions": [{"version": " 12.6.168", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve \r\na malicious XML payload to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')", "type": "CWE", "cweId": "CWE-611"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-03-30T16:28:35.983Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "tags": ["x_transferred"]}, {"url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.643Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T19:13:55.362515Z", "id": "CVE-2022-43473", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T19:14:03.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "tags": ["x_transferred"]}, {"url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:32:59.643Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43473", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T19:13:55.362515Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T19:09:24.480Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "ManageEngine", "product": "OpManager", "versions": [{"status": "affected", "version": " 12.6.168"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html"}], "descriptions": [{"lang": "en", "value": "A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve \r\na malicious XML payload to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2023-03-30T16:28:35.983Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43473", "state": "PUBLISHED", "dateUpdated": "2025-02-11T19:14:03.416Z", "dateReserved": "2022-12-05T20:53:36.058Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2023-03-30T16:28:35.983Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "30BF0F86-635A-4637-A5F9-9FA122845610", "versionEndExcluding": "12.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "48C09D5D-BC77-42DC-9A72-00A71F8C1A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "14269E88-7186-4F2C-B770-964D0AD7D414", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126002:*:*:*:*:*:*", "matchCriteriaId": "31498701-6732-40E4-8F3D-55EE8A77D61B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126004:*:*:*:*:*:*", "matchCriteriaId": "B740E757-147B-4DEB-89C5-59EB9FFBD6BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126005:*:*:*:*:*:*", "matchCriteriaId": "BE1CA16B-558F-426A-B87B-23D47681F1AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "C46D091F-095F-4F1D-8D16-1021E15BC963", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "2AE780F5-EF56-45F3-A5E7-805A24C04A97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "212A00BA-ED01-45F3-9E9C-9E6B75B82CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "CBFA159F-0293-4E44-BB20-173021991107", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126104:*:*:*:*:*:*", "matchCriteriaId": "356504E5-BE0A-4F54-8713-AC9EA29D189C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126107:*:*:*:*:*:*", "matchCriteriaId": "DBDA89CD-3D30-488F-9EE6-92E84507B95D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126108:*:*:*:*:*:*", "matchCriteriaId": "A535E330-A6ED-4E51-A3C0-5A6D04B024C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126109:*:*:*:*:*:*", "matchCriteriaId": "A231F874-62DD-4BAC-B115-CD6D61F23873", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126110:*:*:*:*:*:*", "matchCriteriaId": "2E6C0DE1-8B37-496C-90AF-38C0B189150E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "27D49B1C-1140-4CA7-B10A-9B59ACE69208", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "1979F66B-749E-41F8-9CBD-E4AD4483B500", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "BC5A1967-8D4F-4090-A2BA-5FFCEAA2EFFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "50D85F0C-201C-44D3-92C7-261095B4B03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "36B6C5A9-FC13-4AB0-BE8B-9DFA8FDB0C57", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126118:*:*:*:*:*:*", "matchCriteriaId": "B621572C-448C-43C4-AF8E-EEBCFADF3630", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126119:*:*:*:*:*:*", "matchCriteriaId": "AAAF3692-3979-494B-831A-D8BFE127A6C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126120:*:*:*:*:*:*", "matchCriteriaId": "EE7B18B3-87AD-4960-8FBE-D90BE5FF6776", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126121:*:*:*:*:*:*", "matchCriteriaId": "79F88190-237F-4D39-B70E-FC0CBCE65DE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126122:*:*:*:*:*:*", "matchCriteriaId": "3C6640CC-4BF7-4D7E-A128-0F36CC0DD3DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126130:*:*:*:*:*:*", "matchCriteriaId": "CA2D7B9C-AE06-4A1C-8C88-FDAD9AADF73B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126131:*:*:*:*:*:*", "matchCriteriaId": "014DEAE0-EB0F-43BB-A922-5ED346E774A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126132:*:*:*:*:*:*", "matchCriteriaId": "3D63BDBE-E10F-4E57-8F26-C6D31A6CAB4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126134:*:*:*:*:*:*", "matchCriteriaId": "614916D2-74A2-45F5-BF8D-E0FD8F0000B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126135:*:*:*:*:*:*", "matchCriteriaId": "B0C9C18E-C143-46AF-8126-FB0A71E4E4CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126136:*:*:*:*:*:*", "matchCriteriaId": "5B93668B-4988-424B-BB81-6A18355F8624", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126139:*:*:*:*:*:*", "matchCriteriaId": "56EB1279-627C-43E1-80D7-A09BF047757E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126141:*:*:*:*:*:*", "matchCriteriaId": "F06D655C-29AC-4FDB-B22F-148743C469F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126147:*:*:*:*:*:*", "matchCriteriaId": "D2790B5B-F0F4-4B3B-8747-34685D988024", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126148:*:*:*:*:*:*", "matchCriteriaId": "BD572C9F-3B99-4A1D-AC18-AF7163F06FA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126149:*:*:*:*:*:*", "matchCriteriaId": "AA0872FB-4491-45BA-9429-BEBDB7AA4B49", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126150:*:*:*:*:*:*", "matchCriteriaId": "1940E42F-0F5D-4262-888F-FD23830E73ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126151:*:*:*:*:*:*", "matchCriteriaId": "F3251E9C-8E78-464F-991C-3966B3E2E36D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126154:*:*:*:*:*:*", "matchCriteriaId": "6428F23E-AFC0-47F8-9059-655D2FF5AF11", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126155:*:*:*:*:*:*", "matchCriteriaId": "33577344-B3FC-4E14-8C76-C5A542FF5598", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126162:*:*:*:*:*:*", "matchCriteriaId": "5BECCAD7-9F39-4849-8327-96BA17414418", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126163:*:*:*:*:*:*", "matchCriteriaId": "3B4472BF-9646-4575-A440-8A11B7C5C090", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126164:*:*:*:*:*:*", "matchCriteriaId": "89A06D36-31CE-43DD-9E55-EFC78FA1D252", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126165:*:*:*:*:*:*", "matchCriteriaId": "17154C40-0DBC-405F-B68E-76672F28A700", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126166:*:*:*:*:*:*", "matchCriteriaId": "FAC1EB6D-CEA0-4B98-B988-448FB844B488", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126167:*:*:*:*:*:*", "matchCriteriaId": "7ECC8CA3-28B8-48BC-944E-0F9503382C5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126168:*:*:*:*:*:*", "matchCriteriaId": "4F2863D4-D448-4843-9B99-1442A0A3C2FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA7ACDA3-D9A0-4C03-B42A-5DE2517DCB65", "versionEndExcluding": "12.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "FB7DAAA8-6A7B-41EF-8783-7EFDEE747332", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126002:*:*:*:*:*:*", "matchCriteriaId": "87907DDD-12AF-435A-A005-893FED115AAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "EA101FBC-D697-4A7E-B539-79097228B735", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "4CC9EF3C-6768-4976-94C8-3FBEE6093ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126104:*:*:*:*:*:*", "matchCriteriaId": "362871E6-BF7C-46D4-8EFE-C87E96C71799", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126107:*:*:*:*:*:*", "matchCriteriaId": "B352D823-74D2-401A-97A2-8B2A6391545F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "B5934D8A-C10F-47BC-BB73-45B8CB71C686", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "59E334B0-6BF6-4674-9D9D-7E9C988BAB57", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126119:*:*:*:*:*:*", "matchCriteriaId": "E866F2AE-FB51-4270-A673-B1299C7CD2F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126122:*:*:*:*:*:*", "matchCriteriaId": "823014A6-D8F5-430C-A813-373292450006", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126139:*:*:*:*:*:*", "matchCriteriaId": "E755C6A6-14DA-4AA5-A549-366E4E64F9F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126140:*:*:*:*:*:*", "matchCriteriaId": "A7009FB6-8594-4115-BD9B-CC50CE186E30", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126141:*:*:*:*:*:*", "matchCriteriaId": "1F495163-C813-4CE5-95AE-EAA700AD05DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126154:*:*:*:*:*:*", "matchCriteriaId": "4136C288-60F2-455B-8A6B-C602294AFADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126155:*:*:*:*:*:*", "matchCriteriaId": "6037DF2D-1B68-45B6-A72C-C0AE37E2F29A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126264:*:*:*:*:*:*", "matchCriteriaId": "AAE8929C-4D00-4DCB-8605-82B86AC9CBDD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*", "matchCriteriaId": "F74946AD-F68D-474A-8634-DB6CEF999302", "versionEndExcluding": "12.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "B15B6E60-9DF9-4524-8387-8CF0B2B6D0F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126002:*:*:*:*:*:*", "matchCriteriaId": "DEB00990-C73C-4B46-B87D-80E3B5B39302", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "06AEE3B8-3A71-466D-880F-B39E6E4D9899", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "C7E2FFFB-975D-4FFF-A54E-01336B2687BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126104:*:*:*:*:*:*", "matchCriteriaId": "34A43740-26B4-4D73-BC53-7D14529BA78B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126107:*:*:*:*:*:*", "matchCriteriaId": "037A9312-321F-4A22-B17E-83B6A2BA9BB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "4C1FB9D8-1DA7-486C-9418-9C00F4D184D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "F78374E4-E4AF-4E77-9AE6-BEC58DCAB6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126119:*:*:*:*:*:*", "matchCriteriaId": "8912068D-3412-47E5-A790-0CDB29E05F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126122:*:*:*:*:*:*", "matchCriteriaId": "39C96D52-9AD6-42B8-AE99-3F6C1D520DF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126139:*:*:*:*:*:*", "matchCriteriaId": "BED90D90-615E-4E7B-9C02-CBE942589BF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126140:*:*:*:*:*:*", "matchCriteriaId": "30957BC1-C180-405E-A4D4-818F67819C1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126141:*:*:*:*:*:*", "matchCriteriaId": "DD11A46A-8C7C-4AC0-B353-34C149AF4951", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126154:*:*:*:*:*:*", "matchCriteriaId": "B598B209-B85F-4968-8C49-B52B9D1D2BB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126155:*:*:*:*:*:*", "matchCriteriaId": "6AB5E114-0705-41D3-8C40-D0F583180E5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126264:*:*:*:*:*:*", "matchCriteriaId": "840B07B8-E0BE-4D34-B511-B7C593AFDDD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve \r\na malicious XML payload to trigger this vulnerability."}], "id": "CVE-2022-43473", "lastModified": "2024-11-21T07:26:33.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.7, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-30T17:15:06.750", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"source": "talos-cna@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{}