A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine opmanager 12.6 |
||
zohocorp manageengine opmanager |
||
zohocorp manageengine opmanager plus 12.6 |
||
zohocorp manageengine opmanager plus |
||
zohocorp manageengine opmanager msp 12.6 |
||
zohocorp manageengine opmanager msp |