PT-2023-22287 · Zoho · Zoho Manageengine Network Configuration Manager
Published
2023-08-04
·
Updated
2023-08-10
·
CVE-2023-29505
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine Network Configuration Manager version 12.6.165
Description
An issue was discovered in the WebSocket endpoint, allowing Cross-site WebSocket hijacking.
Recommendations
For Zoho ManageEngine Network Configuration Manager version 12.6.165, consider restricting access to the WebSocket endpoint as a temporary workaround until a patch is available.
Fix
Origin Validation Error
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Network Configuration Manager