CVE-2023-4769
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Nov 3, 2023
Updated: Nov 13, 2023
CWE ID 79
Summary
CVE-2023-4769 is a newly discovered vulnerability affecting ManageEngine Desktop Central version 9.1.0. The issue lies within the /smtpConfig.do component, making it a Single Sign-On (SSRF) vulnerability. An authenticated attacker can leverage this flaw to execute targeted attacks, such as cross-port attacks, service enumeration, and others through crafted HTTP requests. This vulnerability poses a significant risk and requires immediate attention from users to apply the necessary patches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- IBM Sterling Secure Proxy
Affected Vendors
- IBM Corporation