This document addresses the vulnerability reported in the monitoring component of RMM Central.
Severity: Medium
Update Released Build: 10.1.46
Update Released Date: 07/01/2023
Previously, there was an XML External Entity (XXE) vulnerability in the UCS module. It has been fixed by disabling XML entities while parsing XML responses, so entities declared in a response are no longer resolved.
Exploiting XML that contains a malicious external entity could lead to access to restricted resources.
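The kind of fix described above, as an added example in Python (not ManageEngine's code; the product's parser and response format are not shown on this page, so the function names and sample responses are constructed for illustration). The parser fails closed on any DOCTYPE or entity declaration instead of resolving it:

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

class EntitiesForbidden(ValueError):
    """Raised when an XML response carries a DTD or entity declaration."""

def _reject_doctype(name, sysid, pubid, has_internal_subset):
    raise EntitiesForbidden(f"DOCTYPE declaration not allowed: {name!r}")

def _reject_entity(name, is_param, value, base, sysid, pubid, notation):
    raise EntitiesForbidden(f"entity declaration not allowed: {name!r}")

def _reject_external_ref(context, base, sysid, pubid):
    raise EntitiesForbidden(f"external entity reference not allowed: {sysid!r}")

def parse_response(data: bytes) -> ET.Element:
    """Parse an XML response with entities disabled; return the root element."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.buffer_text = True
    # Never load external parameter entities or an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    # Fail closed on anything that could define or resolve an entity.
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    parser.ExternalEntityRefHandler = _reject_external_ref
    # Ordinary elements and text are collected into an ElementTree.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()

# Constructed sample responses (hypothetical format, placeholder path).
CLEAN = b"<status><device>router-01</device><state>up</state></status>"
WITH_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE status [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
    b"<status><device>&ext;</device></status>"
)

def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_response(data)
    except EntitiesForbidden:
        return True
    return False
```

Rejecting the DOCTYPE outright is stricter than only skipping external entities, and it also stops internal entity expansion.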
Affected versions: 10.1.45 and below
This vulnerability was reported by Marcin Nago of Cisco Talos. Find out more about CVE-2022-43473 from the CVE dictionary.
This vulnerability was fixed on January 7, 2023, and the mitigation is available in build 10.1.46 with monitoring build 12.6.273.
Apply the latest build to your existing product installation by following the upgrade pack instructions on the service pack page:
https://www.manageengine.com/remote-monitoring-management/service-packs.html
For any further questions or concerns, please reach out to us at rmmcentral-support@manageengine.com