Description

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

Related CPE's

a

zohocorp

manageengine_netflow_analyzer

42

a

zohocorp

manageengine_network_configuration_manager

44

a

zohocorp

manageengine_opmanager

74

a

zohocorp

manageengine_opmanager_msp

13

a

zohocorp

manageengine_opmanager_plus

13

a

zohocorp

manageengine_oputils

22

References

https://manageengine.com

Vendor Advisory

https://www.manageengine.com/itom/advisory/cve-2022-38772.html

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-08-29T21:15:09.227

2 years ago

Last modified

2022-09-02T19:47:50.700

2 years ago