CVE-2022-42904 β€” Command Injection in Manageengine Admanager Plus

CWE-77 β€” Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
79.4%
top 0.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Admanager Plus
Timeline
PublishedNov 18

Description

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-hp2j-5wrq-ph9f: Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings↗2022-11-18
β–Ά
CVEList
CVE-2022-42904: Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings↗2022-11-18
β–Ά
CVE-2022-42904 β€” Command Injection | cvebase