Lucene search
HistoryAug 10, 2022 - 8:16 p.m.
CVE-2022-37024
cve-2022-37024
zoho
manageengine
opmanager
opmanager plus
opmanager msp
network configuration manager
netflow analyzer
oputils
authenticated users
database changes
remote code execution
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.7%
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
Affected configurations
Node
zohocorpmanageengine_firewall_analyzerMatch12.5build125450
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125451
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125452
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125453
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125455
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125456
ORzohocorpmanageengine_firewall_analyzerMatch12.5build125664
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126000
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126001
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126100
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126101
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126102
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126103
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126113
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126114
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126115
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126116
ORzohocorpmanageengine_firewall_analyzerMatch12.6build126117
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125450
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125451
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125452
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125453
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125455
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125456
ORzohocorpmanageengine_netflow_analyzerMatch12.5build125664
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126000
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126001
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126100
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126101
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126102
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126103
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126113
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126114
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126115
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126116
ORzohocorpmanageengine_netflow_analyzerMatch12.6build126117
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125450
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125451
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125452
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125453
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125455
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125456
ORzohocorpmanageengine_network_configuration_managerMatch12.5build125664
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126000
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126001
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126100
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126101
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126102
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126103
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126113
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126114
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126115
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126116
ORzohocorpmanageengine_network_configuration_managerMatch12.6build126117
ORzohocorpmanageengine_opmanagerMatch12.5build125450
ORzohocorpmanageengine_opmanagerMatch12.5build125451
ORzohocorpmanageengine_opmanagerMatch12.5build125452
ORzohocorpmanageengine_opmanagerMatch12.5build125453
ORzohocorpmanageengine_opmanagerMatch12.5build125455
ORzohocorpmanageengine_opmanagerMatch12.5build125456
ORzohocorpmanageengine_opmanagerMatch12.5build125664
ORzohocorpmanageengine_opmanagerMatch12.6build126000
ORzohocorpmanageengine_opmanagerMatch12.6build126001
ORzohocorpmanageengine_opmanagerMatch12.6build126100
ORzohocorpmanageengine_opmanagerMatch12.6build126101
ORzohocorpmanageengine_opmanagerMatch12.6build126102
ORzohocorpmanageengine_opmanagerMatch12.6build126103
ORzohocorpmanageengine_opmanagerMatch12.6build126113
ORzohocorpmanageengine_opmanagerMatch12.6build126114
ORzohocorpmanageengine_opmanagerMatch12.6build126115
ORzohocorpmanageengine_opmanagerMatch12.6build126116
ORzohocorpmanageengine_opmanagerMatch12.6build126117
ORzohocorpmanageengine_opmanager_mspMatch12.5build125450
ORzohocorpmanageengine_opmanager_mspMatch12.5build125656
ORzohocorpmanageengine_opmanager_mspMatch12.5build125664
ORzohocorpmanageengine_opmanager_mspMatch12.6build126000
ORzohocorpmanageengine_opmanager_mspMatch12.6build126001
ORzohocorpmanageengine_opmanager_mspMatch12.6build126100
ORzohocorpmanageengine_opmanager_mspMatch12.6build126103
ORzohocorpmanageengine_opmanager_mspMatch12.6build126113
ORzohocorpmanageengine_opmanager_mspMatch12.6build126117
ORzohocorpmanageengine_opmanager_plusMatch12.5build125450
ORzohocorpmanageengine_opmanager_plusMatch12.5build125656
ORzohocorpmanageengine_opmanager_plusMatch12.5build125664
ORzohocorpmanageengine_opmanager_plusMatch12.6build126000
ORzohocorpmanageengine_opmanager_plusMatch12.6build126001
ORzohocorpmanageengine_opmanager_plusMatch12.6build126100
ORzohocorpmanageengine_opmanager_plusMatch12.6build126103
ORzohocorpmanageengine_opmanager_plusMatch12.6build126113
ORzohocorpmanageengine_opmanager_plusMatch12.6build126117
ORzohocorpmanageengine_oputilsMatch12.5build125450
ORzohocorpmanageengine_oputilsMatch12.5build125451
ORzohocorpmanageengine_oputilsMatch12.5build125452
ORzohocorpmanageengine_oputilsMatch12.5build125453
ORzohocorpmanageengine_oputilsMatch12.5build125455
ORzohocorpmanageengine_oputilsMatch12.5build125456
ORzohocorpmanageengine_oputilsMatch12.5build125664
ORzohocorpmanageengine_oputilsMatch12.6build126000
ORzohocorpmanageengine_oputilsMatch12.6build126001
ORzohocorpmanageengine_oputilsMatch12.6build126100
ORzohocorpmanageengine_oputilsMatch12.6build126101
ORzohocorpmanageengine_oputilsMatch12.6build126102
ORzohocorpmanageengine_oputilsMatch12.6build126103
ORzohocorpmanageengine_oputilsMatch12.6build126113
ORzohocorpmanageengine_oputilsMatch12.6build126114
ORzohocorpmanageengine_oputilsMatch12.6build126115
ORzohocorpmanageengine_oputilsMatch12.6build126116
ORzohocorpmanageengine_oputilsMatch12.6build126117
Social References
More
Related
prion
prion
Remote code execution
2022-08-10 20:16:00
zdi
zdi
cvelist
cvelist
CVE-2022-37024
2022-08-09 15:15:36
nvd
nvd
CVE-2022-37024
2022-08-10 20:16:05
nessus
nessus
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.7%
Related for CVE-2022-37024