Lucene search

[email protected]NVD:CVE-2022-36923

HistoryAug 10, 2022 - 8:16 p.m.

CVE-2022-36923

2022-08-1020:16:03

CWE-755

[email protected]

web.nvd.nist.gov

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user’s API key, and then access external APIs.

Affected configurations

NVD

Node

zohocorpmanageengine_firewall_analyzerMatch12.5build125450

zohocorpmanageengine_firewall_analyzerMatch12.5build125451

zohocorpmanageengine_firewall_analyzerMatch12.5build125452

zohocorpmanageengine_firewall_analyzerMatch12.5build125453

zohocorpmanageengine_firewall_analyzerMatch12.5build125455

zohocorpmanageengine_firewall_analyzerMatch12.5build125456

zohocorpmanageengine_firewall_analyzerMatch12.5build125664

zohocorpmanageengine_firewall_analyzerMatch12.6build126000

zohocorpmanageengine_firewall_analyzerMatch12.6build126001

zohocorpmanageengine_firewall_analyzerMatch12.6build126100

zohocorpmanageengine_firewall_analyzerMatch12.6build126101

zohocorpmanageengine_firewall_analyzerMatch12.6build126102

zohocorpmanageengine_firewall_analyzerMatch12.6build126103

zohocorpmanageengine_firewall_analyzerMatch12.6build126113

zohocorpmanageengine_firewall_analyzerMatch12.6build126114

zohocorpmanageengine_firewall_analyzerMatch12.6build126115

zohocorpmanageengine_firewall_analyzerMatch12.6build126116

zohocorpmanageengine_firewall_analyzerMatch12.6build126117

zohocorpmanageengine_netflow_analyzerMatch12.5build125450

zohocorpmanageengine_netflow_analyzerMatch12.5build125451

zohocorpmanageengine_netflow_analyzerMatch12.5build125452

zohocorpmanageengine_netflow_analyzerMatch12.5build125453

zohocorpmanageengine_netflow_analyzerMatch12.5build125455

zohocorpmanageengine_netflow_analyzerMatch12.5build125456

zohocorpmanageengine_netflow_analyzerMatch12.5build125664

zohocorpmanageengine_netflow_analyzerMatch12.6build126000

zohocorpmanageengine_netflow_analyzerMatch12.6build126001

zohocorpmanageengine_netflow_analyzerMatch12.6build126100

zohocorpmanageengine_netflow_analyzerMatch12.6build126101

zohocorpmanageengine_netflow_analyzerMatch12.6build126102

zohocorpmanageengine_netflow_analyzerMatch12.6build126103

zohocorpmanageengine_netflow_analyzerMatch12.6build126113

zohocorpmanageengine_netflow_analyzerMatch12.6build126114

zohocorpmanageengine_netflow_analyzerMatch12.6build126115

zohocorpmanageengine_netflow_analyzerMatch12.6build126116

zohocorpmanageengine_netflow_analyzerMatch12.6build126117

zohocorpmanageengine_network_configuration_managerMatch12.5build125450

zohocorpmanageengine_network_configuration_managerMatch12.5build125451

zohocorpmanageengine_network_configuration_managerMatch12.5build125452

zohocorpmanageengine_network_configuration_managerMatch12.5build125453

zohocorpmanageengine_network_configuration_managerMatch12.5build125455

zohocorpmanageengine_network_configuration_managerMatch12.5build125456

zohocorpmanageengine_network_configuration_managerMatch12.5build125664

zohocorpmanageengine_network_configuration_managerMatch12.6build126000

zohocorpmanageengine_network_configuration_managerMatch12.6build126001

zohocorpmanageengine_network_configuration_managerMatch12.6build126100

zohocorpmanageengine_network_configuration_managerMatch12.6build126101

zohocorpmanageengine_network_configuration_managerMatch12.6build126102

zohocorpmanageengine_network_configuration_managerMatch12.6build126103

zohocorpmanageengine_network_configuration_managerMatch12.6build126113

zohocorpmanageengine_network_configuration_managerMatch12.6build126114

zohocorpmanageengine_network_configuration_managerMatch12.6build126115

zohocorpmanageengine_network_configuration_managerMatch12.6build126116

zohocorpmanageengine_network_configuration_managerMatch12.6build126117

zohocorpmanageengine_opmanagerMatch12.5build125450

zohocorpmanageengine_opmanagerMatch12.5build125451

zohocorpmanageengine_opmanagerMatch12.5build125452

zohocorpmanageengine_opmanagerMatch12.5build125453

zohocorpmanageengine_opmanagerMatch12.5build125455

zohocorpmanageengine_opmanagerMatch12.5build125456

zohocorpmanageengine_opmanagerMatch12.5build125664

zohocorpmanageengine_opmanagerMatch12.6build126000

zohocorpmanageengine_opmanagerMatch12.6build126001

zohocorpmanageengine_opmanagerMatch12.6build126100

zohocorpmanageengine_opmanagerMatch12.6build126101

zohocorpmanageengine_opmanagerMatch12.6build126102

zohocorpmanageengine_opmanagerMatch12.6build126103

zohocorpmanageengine_opmanagerMatch12.6build126113

zohocorpmanageengine_opmanagerMatch12.6build126114

zohocorpmanageengine_opmanagerMatch12.6build126115

zohocorpmanageengine_opmanagerMatch12.6build126116

zohocorpmanageengine_opmanagerMatch12.6build126117

zohocorpmanageengine_opmanager_mspMatch12.5build125450

zohocorpmanageengine_opmanager_mspMatch12.5build125656

zohocorpmanageengine_opmanager_mspMatch12.5build125664

zohocorpmanageengine_opmanager_mspMatch12.6build126000

zohocorpmanageengine_opmanager_mspMatch12.6build126001

zohocorpmanageengine_opmanager_mspMatch12.6build126100

zohocorpmanageengine_opmanager_mspMatch12.6build126103

zohocorpmanageengine_opmanager_mspMatch12.6build126113

zohocorpmanageengine_opmanager_mspMatch12.6build126117

zohocorpmanageengine_opmanager_plusMatch12.5build125450

zohocorpmanageengine_opmanager_plusMatch12.5build125656

zohocorpmanageengine_opmanager_plusMatch12.5build125664

zohocorpmanageengine_opmanager_plusMatch12.6build126000

zohocorpmanageengine_opmanager_plusMatch12.6build126001

zohocorpmanageengine_opmanager_plusMatch12.6build126100

zohocorpmanageengine_opmanager_plusMatch12.6build126103

zohocorpmanageengine_opmanager_plusMatch12.6build126113

zohocorpmanageengine_opmanager_plusMatch12.6build126117

zohocorpmanageengine_oputilsMatch12.5build125450

zohocorpmanageengine_oputilsMatch12.5build125451

zohocorpmanageengine_oputilsMatch12.5build125452

zohocorpmanageengine_oputilsMatch12.5build125453

zohocorpmanageengine_oputilsMatch12.5build125455

zohocorpmanageengine_oputilsMatch12.5build125456

zohocorpmanageengine_oputilsMatch12.5build125664

zohocorpmanageengine_oputilsMatch12.6build126000

zohocorpmanageengine_oputilsMatch12.6build126001

zohocorpmanageengine_oputilsMatch12.6build126100

zohocorpmanageengine_oputilsMatch12.6build126101

zohocorpmanageengine_oputilsMatch12.6build126102

zohocorpmanageengine_oputilsMatch12.6build126103

zohocorpmanageengine_oputilsMatch12.6build126113

zohocorpmanageengine_oputilsMatch12.6build126114

zohocorpmanageengine_oputilsMatch12.6build126115

zohocorpmanageengine_oputilsMatch12.6build126116

zohocorpmanageengine_oputilsMatch12.6build126117

References

www.manageengine.com/itom/advisory/cve-2022-36923.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for NVD:CVE-2022-36923

nessus5 zdi4 cvelist1 cve1 prion1