Lucene search
HistoryAug 10, 2022 - 8:16 p.m.
CVE-2022-36923
zoho
manageengine
opmanager
opmanager plus
opmanager msp
network configuration manager
netflow analyzer
firewall analyzer
oputils
cve-2022-36923
nvd
api key
unauthenticated attackers
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.3%
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user’s API key, and then access external APIs.
Affected configurations
Node
zohocorpmanageengine_firewall_analyzerMatch12.5build125450
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125451
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125452
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125453
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125455
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125456
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125664
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126000
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126001
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126100
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126101
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126102
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126103
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126113
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126114
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126115
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126116
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126117
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125450
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125451
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125452
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125453
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125455
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125456
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125664
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126000
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126001
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126100
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126101
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126102
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126103
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126113
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126114
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126115
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126116
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126117
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125450
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125451
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125452
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125453
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125455
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125456
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125664
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126000
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126001
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126100
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126101
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126102
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126103
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126113
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126114
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126115
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126116
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126117
ORzohocorpmanageengine_opmanagerMatch12.5build125450
ORzohocorpmanageengine_opmanagerMatch12.5build125451
ORzohocorpmanageengine_opmanagerMatch12.5build125452
ORzohocorpmanageengine_opmanagerMatch12.5build125453
ORzohocorpmanageengine_opmanagerMatch12.5build125455
ORzohocorpmanageengine_opmanagerMatch12.5build125456
ORzohocorpmanageengine_opmanagerMatch12.5build125664
ORzohocorpmanageengine_opmanagerMatch12.6build126000
ORzohocorpmanageengine_opmanagerMatch12.6build126001
ORzohocorpmanageengine_opmanagerMatch12.6build126100
ORzohocorpmanageengine_opmanagerMatch12.6build126101
ORzohocorpmanageengine_opmanagerMatch12.6build126102
ORzohocorpmanageengine_opmanagerMatch12.6build126103
ORzohocorpmanageengine_opmanagerMatch12.6build126113
ORzohocorpmanageengine_opmanagerMatch12.6build126114
ORzohocorpmanageengine_opmanagerMatch12.6build126115
ORzohocorpmanageengine_opmanagerMatch12.6build126116
ORzohocorpmanageengine_opmanagerMatch12.6build126117
ORzohocorpmanageengine_opmanager_mspMatch12.5build125450
ORzohocorpmanageengine_opmanager_mspMatch12.5build125656
ORzohocorpmanageengine_opmanager_mspMatch12.5build125664
ORzohocorpmanageengine_opmanager_mspMatch12.6build126000
ORzohocorpmanageengine_opmanager_mspMatch12.6build126001
ORzohocorpmanageengine_opmanager_mspMatch12.6build126100
ORzohocorpmanageengine_opmanager_mspMatch12.6build126103
ORzohocorpmanageengine_opmanager_mspMatch12.6build126113
ORzohocorpmanageengine_opmanager_mspMatch12.6build126117
ORzohocorpmanageengine_opmanager_plusMatch12.5build125450
ORzohocorpmanageengine_opmanager_plusMatch12.5build125656
ORzohocorpmanageengine_opmanager_plusMatch12.5build125664
ORzohocorpmanageengine_opmanager_plusMatch12.6build126000
ORzohocorpmanageengine_opmanager_plusMatch12.6build126001
ORzohocorpmanageengine_opmanager_plusMatch12.6build126100
ORzohocorpmanageengine_opmanager_plusMatch12.6build126103
ORzohocorpmanageengine_opmanager_plusMatch12.6build126113
ORzohocorpmanageengine_opmanager_plusMatch12.6build126117
ORzohocorpmanageengine_oputilsMatch12.5build125450
ORzohocorpmanageengine_oputilsMatch12.5build125451
ORzohocorpmanageengine_oputilsMatch12.5build125452
ORzohocorpmanageengine_oputilsMatch12.5build125453
ORzohocorpmanageengine_oputilsMatch12.5build125455
ORzohocorpmanageengine_oputilsMatch12.5build125456
ORzohocorpmanageengine_oputilsMatch12.5build125664
ORzohocorpmanageengine_oputilsMatch12.6build126000
ORzohocorpmanageengine_oputilsMatch12.6build126001
ORzohocorpmanageengine_oputilsMatch12.6build126100
ORzohocorpmanageengine_oputilsMatch12.6build126101
ORzohocorpmanageengine_oputilsMatch12.6build126102
ORzohocorpmanageengine_oputilsMatch12.6build126103
ORzohocorpmanageengine_oputilsMatch12.6build126113
ORzohocorpmanageengine_oputilsMatch12.6build126114
ORzohocorpmanageengine_oputilsMatch12.6build126115
ORzohocorpmanageengine_oputilsMatch12.6build126116
ORzohocorpmanageengine_oputilsMatch12.6build126117
Social References
More
Related
nessus
nessus
ManageEngine Firewall Analyzer 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass
2022-08-26 00:00:00
ManageEngine NCM 12.5.x < 12.5.657 / 12.6.x < 12.6.002 / 12.6.104 / 12.6.118 Authenticate Bypass
2022-08-26 00:00:00
ManageEngine Firewall Analyzer REST API Key Disclosure (CVE-2022-36923)
2023-02-24 00:00:00
zdi
zdi
nvd
nvd
CVE-2022-36923
2022-08-10 20:16:03
cvelist
cvelist
CVE-2022-36923
2022-08-10 14:17:09
prion
prion
Design/Logic Flaw
2022-08-10 20:16:00
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.3 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.3%
Related for CVE-2022-36923