What is CVE-2023-29443?

CVE-2023-29443 is a vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, and AssetExplorer that allows SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

How severe is CVE-2023-29443?

CVE-2023-29443 has a severity level of 4.9 out of 10, which is considered medium.

What is the Common Weakness Enumeration (CWE) for CVE-2023-29443?

The CWE for CVE-2023-29443 is CWE-611.

Is there a fix for CVE-2023-29443?

Yes, upgrading to versions 14105 for Zoho ManageEngine ServiceDesk Plus, 14200 for ServiceDesk Plus MSP and SupportCenter Plus, and 6989 for AssetExplorer will fix the vulnerability.

Vulnerability/
CVE-2023-29443

medium

4.9

CWE

611

26/4/2023

2/8/2024

CVE-2023-29443: XEE

Q: What software versions are affected by CVE-2023-29443?

Versions of Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 are affected by CVE-2023-29443.

First published: Wed Apr 26 2023(Updated: )

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Assetexplorer	=6.9-6980
Zohocorp Manageengine Assetexplorer	=6.9-6981
Zohocorp Manageengine Assetexplorer	=6.9-6982
Zohocorp Manageengine Assetexplorer	=6.9-6983
Zohocorp Manageengine Assetexplorer	=6.9-6984
Zohocorp Manageengine Assetexplorer	=6.9-6985
Zohocorp Manageengine Assetexplorer	=6.9-6986
Zohocorp Manageengine Assetexplorer	=6.9-6987
Zohocorp Manageengine Assetexplorer	=6.9-6988
Zohocorp Manageengine Servicedesk Plus	<14.1
Zohocorp Manageengine Servicedesk Plus	=14.1
Zohocorp Manageengine Servicedesk Plus	=14.1-14100
Zohocorp Manageengine Servicedesk Plus	=14.1-14101
Zohocorp Manageengine Servicedesk Plus	=14.1-14102
Zohocorp Manageengine Servicedesk Plus	=14.1-14103
Zohocorp Manageengine Servicedesk Plus	=14.1-14104
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	<14.0
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=14.0-14000
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=14.0-14001
Zohocorp Manageengine Supportcenter Plus	<14.0
Zohocorp Manageengine Supportcenter Plus	=14.0-14000
Zohocorp Manageengine Supportcenter Plus	=14.0-14001

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/service-desk/CVE-2023-29443.html

Frequently Asked Questions

What is CVE-2023-29443?
CVE-2023-29443 is a vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, and AssetExplorer that allows SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
What software versions are affected by CVE-2023-29443?
Versions of Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 are affected by CVE-2023-29443.
How severe is CVE-2023-29443?
CVE-2023-29443 has a severity level of 4.9 out of 10, which is considered medium.
What is the Common Weakness Enumeration (CWE) for CVE-2023-29443?
The CWE for CVE-2023-29443 is CWE-611.
Is there a fix for CVE-2023-29443?
Yes, upgrading to versions 14105 for Zoho ManageEngine ServiceDesk Plus, 14200 for ServiceDesk Plus MSP and SupportCenter Plus, and 6989 for AssetExplorer will fix the vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/references
agent/last-modified-date
agent/severity
agent/tags
agent/author
agent/description
agent/first-publish-date
agent/event
vendor/zohocorp
canonical/zohocorp manageengine assetexplorer
version/zohocorp manageengine assetexplorer/6.9-6980
version/zohocorp manageengine assetexplorer/6.9-6981
version/zohocorp manageengine assetexplorer/6.9-6982
version/zohocorp manageengine assetexplorer/6.9-6983
version/zohocorp manageengine assetexplorer/6.9-6984
version/zohocorp manageengine assetexplorer/6.9-6985
version/zohocorp manageengine assetexplorer/6.9-6986
version/zohocorp manageengine assetexplorer/6.9-6987
version/zohocorp manageengine assetexplorer/6.9-6988
canonical/zohocorp manageengine servicedesk plus
version/zohocorp manageengine servicedesk plus/14.1
version/zohocorp manageengine servicedesk plus/14.1-14100
version/zohocorp manageengine servicedesk plus/14.1-14101
version/zohocorp manageengine servicedesk plus/14.1-14102
version/zohocorp manageengine servicedesk plus/14.1-14103
version/zohocorp manageengine servicedesk plus/14.1-14104
canonical/zoho manageengine servicedesk plus (sdp) / supportcenter plus
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/14.0-14000
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/14.0-14001
canonical/zohocorp manageengine supportcenter plus
version/zohocorp manageengine supportcenter plus/14.0-14000
version/zohocorp manageengine supportcenter plus/14.0-14001

CVE-2023-29443: XEE

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-29443?

What software versions are affected by CVE-2023-29443?

How severe is CVE-2023-29443?

What is the Common Weakness Enumeration (CWE) for CVE-2023-29443?

Is there a fix for CVE-2023-29443?

Company

Resources

Contact