Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29443

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

Published

2023-04-26T21:15:08.957

Last Modified

2025-02-03T20:15:31.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-611
  • Type: Secondary
    CWE-611
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_assetexplorer 6.9 Yes
Application zohocorp manageengine_servicedesk_plus < 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus 14.1 Yes
Application zohocorp manageengine_servicedesk_plus_msp < 14.0 Yes
Application zohocorp manageengine_servicedesk_plus_msp 14.0 Yes
Application zohocorp manageengine_servicedesk_plus_msp 14.0 Yes
Application zohocorp manageengine_supportcenter_plus < 14.0 Yes
Application zohocorp manageengine_supportcenter_plus 14.0 Yes
Application zohocorp manageengine_supportcenter_plus 14.0 Yes
References