We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-4767

Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central



AssignerINCIBE
Reserved2023-09-05
Published2023-11-03
Updated2024-09-05

Description

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.



MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

Product status

Default status
0x400352ef90

9.1.0
affected

Credits

Rafael Pedrero 0x400352efc0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-manageengine-desktop-central

cve.org CVE-2023-4767

nvd.nist.gov CVE-2023-4767

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2023-4767
Subscribe to our newsletter to learn more about our work.