CVE-2022-35404

CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

8.2HIGH

EPSS

1.1%

top 21.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Firewall Analyzer Zohocorp Manageengine Netflow Analyzer Zohocorp Manageengine Network Configuration Manager +1 more

Timeline

PublishedJul 18

Latest updateJul 19

Description

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages4 packages

▶NVDzohocorp/manageengine_opmanager< 12.5+1

▶NVDzohocorp/manageengine_network_configuration_manager< 12.5+1

▶NVDzohocorp/manageengine_netflow_analyzer< 12.5+1

▶NVDzohocorp/manageengine_firewall_analyzer< 12.5+1

Patches

Patch: www.manageengine.com ↗Patch: www.manageengine.com ↗

🔴Vulnerability Details

GHSA

GHSA-vcmg-67gw-xr96: ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a serve↗2022-07-19

▶

CVEList

CVE-2022-35404: ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a serve↗2022-07-18

▶