Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-38757
HistoryDec 23, 2022 - 4:15 p.m.

CVE-2022-38757

2022-12-2316:15:09
CWE-269
[email protected]
web.nvd.nist.gov
28
vulnerability
micro focus zenworks
cve-2022-38757
unauthorized access
administrator rights

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

Affected configurations

NVD
Node
microfocuszenworksRange<2020
OR
microfocuszenworksMatch2020-
OR
microfocuszenworksMatch2020update1
OR
microfocuszenworksMatch2020update2
OR
microfocuszenworksMatch2020update3
OR
microfocuszenworksMatch2020update3a

CNA Affected

[
  {
    "vendor": "Micro Focus",
    "product": "ZENworks Configuration Management (ZCM)",
    "versions": [
      {
        "version": "ZENworks 2020",
        "status": "affected",
        "lessThanOrEqual": "Update 3a",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Micro Focus",
    "product": "ZENworks Asset Management",
    "versions": [
      {
        "version": "ZENworks 2020",
        "status": "affected",
        "lessThanOrEqual": "Update 3a",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Micro Focus",
    "product": "ZENworks Endpoint Security Management (ZESM)",
    "versions": [
      {
        "version": "ZENworks 2020",
        "status": "affected",
        "lessThanOrEqual": "Update 3a",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Micro Focus",
    "product": "ZENworks Patch Management (ZPM)",
    "versions": [
      {
        "version": "ZENworks 2020",
        "status": "affected",
        "lessThanOrEqual": "Update 3a",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
cvelist 1
nvd 1
prion
prion
Design/Logic Flaw
2022-12-23 16:15:00
cvelist
cvelist
CVE-2022-38757 CVE-2022-38757 ZENworks
2022-12-23 00:00:00
nvd
nvd
CVE-2022-38757
2022-12-23 16:15:09

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON
Related for CVE-2022-38757
prion1cvelist1nvd1