XML External Entity (XXE) Vulnerability - CVE-2022-43473

Severity: Medium

CVE ID: CVE-2022-43473

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
126168 and below 126141 28-12-2022
126154 / 126169 30-12-2022

Details:

OpManager : Previously, there was an XML External Entity (XXE) vulnerability in UCS module. It has been fixed now.

This issue has been fixed by disabling XML entities while parsing XML response, because of which XML entities will not be invoked.

Impact:

Exploiting XMLs with vulnerable XML entity lead to the access of restricted resources.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from here.
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above step.

Source and Acknowledgements

This vulnerability was reported by Cisco Talos-Marcin Nago. Find out more about CVE-2022-43473 from the CVE dictionary.

Kindly contact our product support team for further details, at the below mentioned email address:

 

 
 Pricing  Get Quote