CVE-2023-4769

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 3, 2023

Updated: Nov 13, 2023

CWE ID 79

Summary

CVE-2023-4769 is a newly discovered vulnerability affecting ManageEngine Desktop Central version 9.1.0. The issue lies within the /smtpConfig.do component, making it a Single Sign-On (SSRF) vulnerability. An authenticated attacker can leverage this flaw to execute targeted attacks, such as cross-port attacks, service enumeration, and others through crafted HTTP requests. This vulnerability poses a significant risk and requires immediate attention from users to apply the necessary patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Sterling Secure Proxy

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tVhqRt
https://www.cve.org/CVERecord?id=CVE-2023-4769
https://nvd.nist.gov/vuln/detail/CVE-2023-4769

Back to Vulnerability Database