CVE-2023-28340

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-28340
Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://manageengine.com Product
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2023-28340.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16300:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16310:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_applications_manager:16.3:build16320:*:*:*:*:*:*
History

14 Apr 2023, 22:44

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-11 01:15

Updated : 2024-02-04 23:37

NVD link : CVE-2023-28340

Mitre link : CVE-2023-28340

CVE.ORG link : CVE-2023-28340

JSON object : View

Products Affected

zohocorp

  • manageengine_applications_manager
CWE
CWE-611

Improper Restriction of XML External Entity Reference