CVE-2023-29084

Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.

Published: 2023-04-13 Last update: 2025-02-07 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2023-29084 is rated Moderate Risk (64.1/100): CVSS High severity, with high exploitation likelihood (EPSS 93.88%, 100th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. High exploitation likelihood—assess exposure and prioritize remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2023-29084

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 93.49% 93.88% +0.39%
2 2025-11-18 93.88% 93.49% -0.39%
3 2025-10-22 93.88%

Full EPSS history (55 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-29084

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.2 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.2 5.9 [email protected]
7.2 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 1.2 5.9 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2023-29084

Affected software / configurations for CVE-2023-29084

Vendor Product Version Raw CPE
zohocorp manageengine_admanager_plus < 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7162:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7163:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7170:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7171:*:*:*:*:*:*
zohocorp manageengine_admanager_plus 7.1 cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7180:*:*:*:*:*:*

References for CVE-2023-29084

cvelogic Threat Intelligence