CVE-2019-14693: XEE
First published: Thu Aug 08 2019(Updated: )
Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Assetexplorer | =6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-14693?
CVE-2019-14693 is a vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 that allows for an XML External Entity Injection (XXE) attack.
How does the CVE-2019-14693 vulnerability work?
The vulnerability in Zoho ManageEngine AssetExplorer 6.2.0 allows a remote attacker to exploit the XML External Entity Injection (XXE) vulnerability when processing license XML data.
What are the potential impacts of CVE-2019-14693?
The CVE-2019-14693 vulnerability could lead to the exposure of sensitive information or the consumption of memory resources.
What software versions are affected by CVE-2019-14693?
Zoho ManageEngine AssetExplorer 6.2.0 is the affected version.
Where can I find more information about CVE-2019-14693?
You can find more information about CVE-2019-14693 at the following URL: https://www.excellium-services.com/cert-xlm-advisory/cve-2019-14693
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine assetexplorer
- version/zohocorp manageengine assetexplorer/6.2.0