CVE-2022-23050

EUVD-2022-28160
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
zohocorpmanageengine_applications_manager
15.0 ≤
𝑥
< 15.5
zohocorpmanageengine_applications_manager
15.5
zohocorpmanageengine_applications_manager
15.5:build15500
zohocorpmanageengine_applications_manager
15.5:build15510
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fluidattacks.com/advisories/cerati/
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html
https://fluidattacks.com/advisories/cerati/
https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2022-23050.html