CVE-2022-37024

3 documents3 sources

Severity

8.8HIGH

EPSS

51.2%

top 2.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Firewall Analyzer Zohocorp Manageengine Netflow Analyzer Zohocorp Manageengine Network Configuration Manager +4 more

Timeline

PublishedAug 10

Latest updateAug 11

Description

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDzohocorp/manageengine_opmanager_plus12.5, 12.6+1

▶NVDzohocorp/manageengine_opmanager12.5, 12.6+1

▶NVDzohocorp/manageengine_opmanager_msp12.5, 12.6+1

▶NVDzohocorp/manageengine_network_configuration_manager12.5, 12.6+1

▶NVDzohocorp/manageengine_netflow_analyzer12.5, 12.6+1

🔴Vulnerability Details

GHSA

GHSA-hm5j-w2qf-6392: Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 202↗2022-08-11

▶

CVEList

CVE-2022-37024: Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 202↗2022-08-09

▶