CVE-2023-4767
MEDIUMManageEngine Desktop Central <9.1.0 - CRLF Injection
Title source: llmDescription
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
Scores
CVSS v3
6.1
EPSS
0.0136
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-93
CWE-74
Status
published
Products (1)
zohocorp/manageengine_desktop_central
9.1.0
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026