ManageEngine.OpManager.handleBVAction.XXE

description-logoDescription

This indicates an attack attempt against an Information Disclosure vulnerability in Zoho ManageEngine OpManager.
The vulnerabilities is due to an error in the application when handling a crafted http request. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted http request.

affected-products-logoAffected Products

ManageEngine OpManager 12.3 prior to build 123214

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor supplied advisory for updates:
https://www.manageengine.com/network-monitoring/help/read-me.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-08-03 25.614 Name:ZOHO.
ManageEngine.
OpManager.
handleBVAction.
XXE:ManageEngine.
OpManager.
handleBVAction.
XXE
2020-09-30 16.934 Name:Zoho.
ManageEngine.
OpManager.
handleBVAction.
XXE:ZOHO.
ManageEngine.
OpManager.
handleBVAction.
XXE
2019-03-12 14.571 Default_action:pass:drop
2019-02-14 14.553