Vulnerabilities > CVE-2023-4768 - Unspecified vulnerability in Zohocorp Manageengine Desktop Central 9.1.0

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

zohocorp

NVD

Published: 2023-11-03

Updated: 2024-11-21

Summary

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Desktop Central 9.1.0	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central