ManageEngine.OpManager.handleBVAction.XXE
Description
This indicates an attack attempt against an Information Disclosure vulnerability in Zoho ManageEngine OpManager.
The vulnerabilities is due to an error in the application when handling a crafted http request. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted http request.
Affected Products
ManageEngine OpManager 12.3 prior to build 123214
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Refer to the vendor supplied advisory for updates:
https://www.manageengine.com/network-monitoring/help/read-me.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2023-08-03 | 25.614 | Name:ZOHO. ManageEngine. OpManager. handleBVAction. XXE:ManageEngine. OpManager. handleBVAction. XXE |
2020-09-30 | 16.934 | Name:Zoho. ManageEngine. OpManager. handleBVAction. XXE:ZOHO. ManageEngine. OpManager. handleBVAction. XXE |
2019-03-12 | 14.571 | Default_action:pass:drop |
2019-02-14 | 14.553 |