Cyber Resilience

CVE-2023-28340

Severity: Medium
Published: 11 April 2023
Modified: 10 February 2025
KEV Added: not listed
Patch: see vendor advisory
CVSS v3.1 base score: 6.5 (vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
EPSS score: 0.0767 (92.1st percentile)
Risk priority: 18 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-28340 is a medium-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Zoho ManageEngine Applications Manager. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 7.9% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

Zoho ManageEngine Applications Manager through version 16320 contains an XML External Entity vulnerability, identified as CVE-2023-28340 and assigned CWE-611. The flaw received a CVSS 3.1 base score of 6.5, reflecting a network attack vector, low attack complexity and high privileges required, with impacts limited to confidentiality and integrity (availability is not affected).

An authenticated administrator can supply malicious XML content to conduct an XXE attack, enabling unauthorized disclosure or modification of files and internal resources accessible to the application. No user interaction is needed for successful exploitation.

Vendor advisories hosted on manageengine.com direct administrators to apply the security updates listed for CVE-2023-28340, which address the issue in the affected product versions.

The associated EPSS score has remained flat at 0.0767 with no material rise after disclosure.


Vulnerability details

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.

CWE(s)

CWE-611: Improper Restriction of XML External Entity Reference

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: zohocorp
Product: manageengine applications manager
Version: 16.3 (affected: ≤ 16.3)

Mitigating Controls

Likely mitigating controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-611: penetration testing that includes XML external entity payloads detects XXE vulnerabilities so they can be remediated.

- Addresses CWE-611: monitoring for unusual file or network access, or abnormal resource usage, by the application identifies XML external entity processing.
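The two controls above (hardening the parser so an authenticated user cannot trigger entity resolution, and flagging DTD constructs in inbound bodies so such attempts are visible in logs) can be shown in one place. The following is an added illustration written for this page; it is not ManageEngine code and says nothing about how Applications Manager parses XML. It assumes a service that accepts XML from authenticated users and uses only the Python standard library: a first pass through expat refuses any DOCTYPE, entity declaration or external entity reference (the same policy as the `disallow-doctype-decl` feature in Java parsers), and only then is the document parsed. The sample documents, the `monitor`/`host` element names and the `file:///placeholder/...` system identifier are constructed for the example.

```python
"""Hardened XML intake for CWE-611 (XXE) plus a log-side indicator scan.

Added example, not vendor code. Python's stdlib expat does not fetch
external entities on its own, but rejecting the DTD outright is the
portable policy and removes the whole class of entity-based attacks.
"""
import re
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when a document carries the DTD constructs an XXE payload needs."""


def _reject_dtd(data: bytes) -> None:
    """First pass: stream the document through expat and abort on any
    DOCTYPE, entity declaration or external entity reference."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE declaration rejected (root {name!r})")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration rejected ({name!r})")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXMLError(f"external entity reference rejected ({sysid!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Never expand parameter entities, so no external DTD subset is loaded.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from None


def safe_parse(data: bytes) -> ET.Element:
    """Parse untrusted XML and return the root element, or raise
    UnsafeXMLError if the document contains any DTD machinery."""
    _reject_dtd(data)
    return ET.fromstring(data)


# Detection side: constructs a request log or WAF rule can flag. Any of these
# in a body destined for an XML endpoint is worth an alert even when the
# parser is already hardened, because it shows someone is probing.
_INDICATORS = {
    "doctype": re.compile(rb"<!DOCTYPE\b", re.I),
    "entity_decl": re.compile(rb"<!ENTITY\b", re.I),
    "external_id": re.compile(rb"<!ENTITY\b[^>]*\b(SYSTEM|PUBLIC)\b", re.I),
    "param_entity": re.compile(rb"<!ENTITY\s+%", re.I),
}


def xxe_indicators(body: bytes) -> list[str]:
    """Return the names of DTD/XXE indicators present in a request body."""
    return [name for name, rx in _INDICATORS.items() if rx.search(body)]


# Constructed sample inputs (not captured from any real system).
BENIGN = b'<?xml version="1.0"?><monitor><host>app01</host></monitor>'
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE m [<!ENTITY ext SYSTEM "file:///placeholder/secret.txt">]>'
    b"<monitor><host>&ext;</host></monitor>"
)
DTD_ONLY = b'<!DOCTYPE monitor SYSTEM "monitor.dtd"><monitor/>'


def classify(body: bytes) -> str:
    """Outcome of the hardened intake: 'accepted', 'rejected' or 'malformed'."""
    try:
        safe_parse(body)
        return "accepted"
    except UnsafeXMLError:
        return "rejected"
    except ValueError:
        return "malformed"


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("xxe", XXE_PAYLOAD), ("dtd", DTD_ONLY)]:
        print(f"{label:7s} {classify(doc):9s} indicators={xxe_indicators(doc)}")
```

The strict policy rejects a document that merely references an external DTD (`DTD_ONLY`), not only one that declares entities; that is deliberate, since a legitimate monitoring or configuration feed has no need for a DTD, and the rejection message names what was refused so the event can be logged alongside the authenticated user who sent it.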
