Severity: Medium
CVE ID: CVE-2022-43473
Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
OpManager OpManager Plus OpManager MSP |
126168 and below | 126141 | 28-12-2022 |
126154 / 126169 | 30-12-2022 |
Details:
OpManager : Previously, there was an XML External Entity (XXE) vulnerability in UCS module. It has been fixed now.
This issue has been fixed by disabling XML entities while parsing XML response, because of which XML entities will not be invoked.
Impact:
Exploiting XMLs with vulnerable XML entity lead to the access of restricted resources.
Steps to upgrade:
Source and Acknowledgements
This vulnerability was reported by Cisco Talos-Marcin Nago. Find out more about CVE-2022-43473 from the CVE dictionary.
Kindly contact our product support team for further details, at the below mentioned email address: