Vulnerabilities > CVE-2023-28340 - XXE vulnerability in Zohocorp Manageengine Applications Manager

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

zohocorp

CWE-611

NVD

Published: 2023-04-11

Updated: 2023-04-14

Summary

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Applications Manager 11.0 Zohocorp Manageengine Applications Manager 11.1 Zohocorp Manageengine Applications Manager 11.2 Zohocorp Manageengine Applications Manager 11.3 Zohocorp Manageengine Applications Manager 11.4 Zohocorp Manageengine Applications Manager 11.5 Zohocorp Manageengine Applications Manager 11.6 Zohocorp Manageengine Applications Manager 11.7 Zohocorp Manageengine Applications Manager 11.8 Zohocorp Manageengine Applications Manager 11.9 Zohocorp Manageengine Applications Manager 12.0 Zohocorp Manageengine Applications Manager 12.1 Zohocorp Manageengine Applications Manager 12.2 Zohocorp Manageengine Applications Manager 12.3 Zohocorp Manageengine Applications Manager 12.4 Zohocorp Manageengine Applications Manager 12.5 Zohocorp Manageengine Applications Manager 12.6 Zohocorp Manageengine Applications Manager 12.7 Zohocorp Manageengine Applications Manager 12.8 Zohocorp Manageengine Applications Manager 12.9 Zohocorp Manageengine Applications Manager 13 Zohocorp Manageengine Applications Manager 13.0 Zohocorp Manageengine Applications Manager 13.1 Zohocorp Manageengine Applications Manager 13.2 Zohocorp Manageengine Applications Manager 13.3 Zohocorp Manageengine Applications Manager 13.4 Zohocorp Manageengine Applications Manager 13.5 Zohocorp Manageengine Applications Manager 13.6 Zohocorp Manageengine Applications Manager 13.7 Zohocorp Manageengine Applications Manager 13.8 Zohocorp Manageengine Applications Manager 13.9 Zohocorp Manageengine Applications Manager 13.13820 Zohocorp Manageengine Applications Manager 14.0 Zohocorp Manageengine Applications Manager 14.1 Zohocorp Manageengine Applications Manager 14.2 Zohocorp Manageengine Applications Manager 14.3 Zohocorp Manageengine Applications Manager 14.4 Zohocorp Manageengine Applications Manager 14.5 Zohocorp Manageengine Applications Manager 14.6 Zohocorp Manageengine Applications Manager 14.7 Zohocorp Manageengine Applications Manager 14.8 Zohocorp Manageengine Applications Manager 14.9 Zohocorp Manageengine Applications Manager 15.0 Zohocorp Manageengine Applications Manager 15.1 Zohocorp Manageengine Applications Manager 15.2 Zohocorp Manageengine Applications Manager 15.5 Zohocorp Manageengine Applications Manager 15.9 Zohocorp Manageengine Applications Manager 16.0 Zohocorp Manageengine Applications Manager 16.1 Zohocorp Manageengine Applications Manager 16.2 Zohocorp Manageengine Applications Manager 16.3	377

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References