CVE-2023-22624 - Vulnerability Details - OpenCVE

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Zohocorp	Manageengine Exchange Reporter Plus

Configuration 1 [-]

OR	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706::::::
	cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707::::::

No data.

References

Link	Providers
https://www.manageengine.com/products/exchange-reports/advisory/CVE-2023-22624.html

History

Fri, 04 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-01-17T00:00:00.000Z

Updated: 2025-04-04T17:40:54.319Z

Reserved: 2023-01-05T00:00:00.000Z

Link: CVE-2023-22624

Vulnrichment

Updated: 2024-08-02T10:13:49.387Z

NVD

Status : Modified

Published: 2023-01-17T20:15:11.927

Modified: 2025-04-04T18:15:47.473

Link: CVE-2023-22624

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DA0580F-8167-450E-A1E9-0F1F7FC7E2C9", "versionEndExcluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5700:*:*:*:*:*:*", "matchCriteriaId": "E913F3D6-9F94-4130-94FF-37F4D81BAEF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5701:*:*:*:*:*:*", "matchCriteriaId": "34D23B58-2BB8-40EE-952C-1595988335CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5702:*:*:*:*:*:*", "matchCriteriaId": "322920C4-4487-4E44-9C40-2959F478A4FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5703:*:*:*:*:*:*", "matchCriteriaId": "3AD735B9-2CE2-46BA-9A14-A22E3FE21C6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5704:*:*:*:*:*:*", "matchCriteriaId": "014DB85C-DB28-4EBB-971A-6F8F964CE6FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5705:*:*:*:*:*:*", "matchCriteriaId": "5E9B0013-ABF8-4616-BC92-15DF9F5CB359", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5706:*:*:*:*:*:*", "matchCriteriaId": "5B744F32-FD43-47B8-875C-6777177677CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_exchange_reporter_plus:5.7:5707:*:*:*:*:*:*", "matchCriteriaId": "F1BB6EEA-2BAA-4C48-8DA8-1E87B3DE611F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks."}, {"lang": "es", "value": "Zoho ManageEngine Exchange Reporter Plus anterior a 5708 permite a los atacantes realizar ataques XXE."}], "id": "CVE-2023-22624", "lastModified": "2025-04-04T18:15:47.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-17T20:15:11.927", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2023-22624.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/products/exchange-reports/advisory/CVE-2023-22624.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}