PT-2023-30569 · Zoho · Manageengine Desktop Central
Rafael Pedrero · Published 2023-11-03 · Updated 2023-11-13 · CVE-2023-4769
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ManageEngine Desktop Central version 9.1.0
Description
A Server-Side Request Forgery (SSRF) vulnerability has been found, specifically affecting the /smtpConfig.do component. This issue could allow an authenticated attacker to launch targeted attacks, such as cross-port attacks, service enumeration, and other attacks via HTTP requests.
Recommendations
For version 9.1.0, consider disabling access to the /smtpConfig.do component as a temporary workaround until a patch is available. Restricting the use of this component can help minimize the risk of exploitation.
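While the workaround is being rolled out, access logs can be reviewed for authenticated sources that call /smtpConfig.do repeatedly in a short period, the pattern that service enumeration through this component would produce. The script below is an added example, not code from this advisory or from Zoho; it assumes common/combined-format access logs in time order, and the function names, threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from urllib.parse import unquote

# Assumption: access logs are in common/combined log format, in time order.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} '
)
COMPONENT = "/smtpconfig.do"  # path named in the advisory, lower-cased


def hits_component(target):
    """True if the request target resolves to /smtpConfig.do."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r";[^/]*", "", path)   # drop ;jsessionid=... path parameters
    path = re.sub(r"/+", "/", path)      # collapse duplicate slashes
    return path.lower().endswith(COMPONENT)


def flag_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map (ip, user) -> peak request count, for sources that sent at least
    `threshold` requests to the component within `window`."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_component(m["target"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["user"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:        # expire entries outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged


# Constructed sample lines (not taken from a real system).
SAMPLE = [
    f'10.0.0.23 - jdoe [03/Nov/2023:10:00:{s:02d} +0000] '
    f'"POST //smtpConfig.do;jsessionid=X HTTP/1.1" 200 512'
    for s in range(0, 12, 2)
] + [
    '10.0.0.40 - admin [03/Nov/2023:09:00:00 +0000] "GET /smtpConfig.do HTTP/1.1" 200 900',
    '10.0.0.23 - jdoe [03/Nov/2023:10:01:00 +0000] "GET /home.do HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(flag_bursts(SAMPLE))
```

Once the workaround is in place, any request that still reaches the component is worth reviewing, so the threshold can be lowered to 1.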
Fix
SSRF
Affected Products
Manageengine Desktop Central