CVE-2023-29443: XEE
First published: Wed Apr 26 2023(Updated: )
Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine AssetExplorer | =6.9-6980 | |
| ManageEngine AssetExplorer | =6.9-6981 | |
| ManageEngine AssetExplorer | =6.9-6982 | |
| ManageEngine AssetExplorer | =6.9-6983 | |
| ManageEngine AssetExplorer | =6.9-6984 | |
| ManageEngine AssetExplorer | =6.9-6985 | |
| ManageEngine AssetExplorer | =6.9-6986 | |
| ManageEngine AssetExplorer | =6.9-6987 | |
| ManageEngine AssetExplorer | =6.9-6988 | |
| Zoho ManageEngine ServiceDesk Plus | <14.1 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1-14100 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1-14101 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1-14102 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1-14103 | |
| Zoho ManageEngine ServiceDesk Plus | =14.1-14104 | |
| Zoho ManageEngine ServiceDesk Plus MSP | <14.0 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =14.0-14000 | |
| Zoho ManageEngine ServiceDesk Plus MSP | =14.0-14001 | |
| ManageEngine SupportCenter Plus | <14.0 | |
| ManageEngine SupportCenter Plus | =14.0-14000 | |
| ManageEngine SupportCenter Plus | =14.0-14001 | |
| =6.9-6980 | ||
| =6.9-6981 | ||
| =6.9-6982 | ||
| =6.9-6983 | ||
| =6.9-6984 | ||
| =6.9-6985 | ||
| =6.9-6986 | ||
| =6.9-6987 | ||
| =6.9-6988 | ||
| <14.1 | ||
| =14.1 | ||
| =14.1-14100 | ||
| =14.1-14101 | ||
| =14.1-14102 | ||
| =14.1-14103 | ||
| =14.1-14104 | ||
| <14.0 | ||
| =14.0-14000 | ||
| =14.0-14001 | ||
| <14.0 | ||
| =14.0-14000 | ||
| =14.0-14001 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-29443?
CVE-2023-29443 is a vulnerability in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, and AssetExplorer that allows SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint.
What software versions are affected by CVE-2023-29443?
Versions of Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 are affected by CVE-2023-29443.
How severe is CVE-2023-29443?
CVE-2023-29443 has a severity level of 4.9 out of 10, which is considered medium.
What is the Common Weakness Enumeration (CWE) for CVE-2023-29443?
The CWE for CVE-2023-29443 is CWE-611.
Is there a fix for CVE-2023-29443?
Yes, upgrading to versions 14105 for Zoho ManageEngine ServiceDesk Plus, 14200 for ServiceDesk Plus MSP and SupportCenter Plus, and 6989 for AssetExplorer will fix the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/zohocorp
- canonical/manageengine assetexplorer
- version/manageengine assetexplorer/6.9-6980
- version/manageengine assetexplorer/6.9-6981
- version/manageengine assetexplorer/6.9-6982
- version/manageengine assetexplorer/6.9-6983
- version/manageengine assetexplorer/6.9-6984
- version/manageengine assetexplorer/6.9-6985
- version/manageengine assetexplorer/6.9-6986
- version/manageengine assetexplorer/6.9-6987
- version/manageengine assetexplorer/6.9-6988
- canonical/zoho manageengine servicedesk plus
- version/zoho manageengine servicedesk plus/14.1
- version/zoho manageengine servicedesk plus/14.1-14100
- version/zoho manageengine servicedesk plus/14.1-14101
- version/zoho manageengine servicedesk plus/14.1-14102
- version/zoho manageengine servicedesk plus/14.1-14103
- version/zoho manageengine servicedesk plus/14.1-14104
- canonical/zoho manageengine servicedesk plus msp
- version/zoho manageengine servicedesk plus msp/14.0-14000
- version/zoho manageengine servicedesk plus msp/14.0-14001
- canonical/manageengine supportcenter plus
- version/manageengine supportcenter plus/14.0-14000
- version/manageengine supportcenter plus/14.0-14001