Blind XML External Entity (XXE) Vulnerability in ManageEngine OpManager 12.6.168

Blind XML External Entity (XXE) Vulnerability in ManageEngine OpManager 12.6.168

CVE-2022-43473 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.

Learn more about our External Network Penetration Testing.