CVE-2023-29443: XEE

First published: Wed Apr 26 2023(Updated: )

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

Credit: cve@mitre.org

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• vendor/zohocorp
• canonical/zohocorp manageengine assetexplorer
• version/zohocorp manageengine assetexplorer/6.9-6980
• version/zohocorp manageengine assetexplorer/6.9-6981
• version/zohocorp manageengine assetexplorer/6.9-6982
• version/zohocorp manageengine assetexplorer/6.9-6983
• version/zohocorp manageengine assetexplorer/6.9-6984
• version/zohocorp manageengine assetexplorer/6.9-6985
• version/zohocorp manageengine assetexplorer/6.9-6986
• version/zohocorp manageengine assetexplorer/6.9-6987
• version/zohocorp manageengine assetexplorer/6.9-6988
• canonical/zohocorp manageengine servicedesk plus
• version/zohocorp manageengine servicedesk plus/14.1
• version/zohocorp manageengine servicedesk plus/14.1-14100
• version/zohocorp manageengine servicedesk plus/14.1-14101
• version/zohocorp manageengine servicedesk plus/14.1-14102
• version/zohocorp manageengine servicedesk plus/14.1-14103
• version/zohocorp manageengine servicedesk plus/14.1-14104
• canonical/zoho manageengine servicedesk plus (sdp) / supportcenter plus
• version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/14.0-14000
• version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/14.0-14001
• canonical/zohocorp manageengine supportcenter plus
• version/zohocorp manageengine supportcenter plus/14.0-14000
• version/zohocorp manageengine supportcenter plus/14.0-14001