A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_opmanager | Zohocorp | * | 12.6 (excluding) |
| Manageengine_opmanager | Zohocorp | 12.6-build126000 (including) | 12.6-build126000 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126001 (including) | 12.6-build126001 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126002 (including) | 12.6-build126002 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126004 (including) | 12.6-build126004 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126005 (including) | 12.6-build126005 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126100 (including) | 12.6-build126100 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126101 (including) | 12.6-build126101 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126102 (including) | 12.6-build126102 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126103 (including) | 12.6-build126103 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126104 (including) | 12.6-build126104 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126107 (including) | 12.6-build126107 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126108 (including) | 12.6-build126108 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126109 (including) | 12.6-build126109 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126110 (including) | 12.6-build126110 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126113 (including) | 12.6-build126113 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126114 (including) | 12.6-build126114 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126115 (including) | 12.6-build126115 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126116 (including) | 12.6-build126116 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126117 (including) | 12.6-build126117 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126118 (including) | 12.6-build126118 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126119 (including) | 12.6-build126119 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126120 (including) | 12.6-build126120 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126121 (including) | 12.6-build126121 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126122 (including) | 12.6-build126122 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126130 (including) | 12.6-build126130 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126131 (including) | 12.6-build126131 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126132 (including) | 12.6-build126132 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126134 (including) | 12.6-build126134 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126135 (including) | 12.6-build126135 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126136 (including) | 12.6-build126136 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126139 (including) | 12.6-build126139 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126141 (including) | 12.6-build126141 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126147 (including) | 12.6-build126147 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126148 (including) | 12.6-build126148 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126149 (including) | 12.6-build126149 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126150 (including) | 12.6-build126150 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126151 (including) | 12.6-build126151 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126154 (including) | 12.6-build126154 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126155 (including) | 12.6-build126155 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126162 (including) | 12.6-build126162 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126163 (including) | 12.6-build126163 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126164 (including) | 12.6-build126164 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126165 (including) | 12.6-build126165 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126166 (including) | 12.6-build126166 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126167 (including) | 12.6-build126167 (including) |
| Manageengine_opmanager | Zohocorp | 12.6-build126168 (including) | 12.6-build126168 (including) |