CVE-2023-4767 | Improper Neutralization of CRLF Sequences in ManageEngine Desktop Central
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.
Conclusion & alert: CVE-2023-4767 is rated Moderate Risk (56/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.87%).Core evidence: EPSS rose +1.87% over the last day, indicating growing attacker interest.Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-4767
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).