CVE-2022-37024

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
zohocorpmanageengine_firewall_analyzer
12.5:build125450
zohocorpmanageengine_firewall_analyzer
12.5:build125451
zohocorpmanageengine_firewall_analyzer
12.5:build125452
zohocorpmanageengine_firewall_analyzer
12.5:build125453
zohocorpmanageengine_firewall_analyzer
12.5:build125455
zohocorpmanageengine_firewall_analyzer
12.5:build125456
zohocorpmanageengine_firewall_analyzer
12.5:build125664
zohocorpmanageengine_firewall_analyzer
12.6:build126000
zohocorpmanageengine_firewall_analyzer
12.6:build126001
zohocorpmanageengine_firewall_analyzer
12.6:build126100
zohocorpmanageengine_firewall_analyzer
12.6:build126101
zohocorpmanageengine_firewall_analyzer
12.6:build126102
zohocorpmanageengine_firewall_analyzer
12.6:build126103
zohocorpmanageengine_firewall_analyzer
12.6:build126113
zohocorpmanageengine_firewall_analyzer
12.6:build126114
zohocorpmanageengine_firewall_analyzer
12.6:build126115
zohocorpmanageengine_firewall_analyzer
12.6:build126116
zohocorpmanageengine_firewall_analyzer
12.6:build126117
zohocorpmanageengine_netflow_analyzer
12.5:build125450
zohocorpmanageengine_netflow_analyzer
12.5:build125451
zohocorpmanageengine_netflow_analyzer
12.5:build125452
zohocorpmanageengine_netflow_analyzer
12.5:build125453
zohocorpmanageengine_netflow_analyzer
12.5:build125455
zohocorpmanageengine_netflow_analyzer
12.5:build125456
zohocorpmanageengine_netflow_analyzer
12.5:build125664
zohocorpmanageengine_netflow_analyzer
12.6:build126000
zohocorpmanageengine_netflow_analyzer
12.6:build126001
zohocorpmanageengine_netflow_analyzer
12.6:build126100
zohocorpmanageengine_netflow_analyzer
12.6:build126101
zohocorpmanageengine_netflow_analyzer
12.6:build126102
zohocorpmanageengine_netflow_analyzer
12.6:build126103
zohocorpmanageengine_netflow_analyzer
12.6:build126113
zohocorpmanageengine_netflow_analyzer
12.6:build126114
zohocorpmanageengine_netflow_analyzer
12.6:build126115
zohocorpmanageengine_netflow_analyzer
12.6:build126116
zohocorpmanageengine_netflow_analyzer
12.6:build126117
zohocorpmanageengine_network_configuration_manager
12.5:build125450
zohocorpmanageengine_network_configuration_manager
12.5:build125451
zohocorpmanageengine_network_configuration_manager
12.5:build125452
zohocorpmanageengine_network_configuration_manager
12.5:build125453
zohocorpmanageengine_network_configuration_manager
12.5:build125455
zohocorpmanageengine_network_configuration_manager
12.5:build125456
zohocorpmanageengine_network_configuration_manager
12.5:build125664
zohocorpmanageengine_network_configuration_manager
12.6:build126000
zohocorpmanageengine_network_configuration_manager
12.6:build126001
zohocorpmanageengine_network_configuration_manager
12.6:build126100
zohocorpmanageengine_network_configuration_manager
12.6:build126101
zohocorpmanageengine_network_configuration_manager
12.6:build126102
zohocorpmanageengine_network_configuration_manager
12.6:build126103
zohocorpmanageengine_network_configuration_manager
12.6:build126113
zohocorpmanageengine_network_configuration_manager
12.6:build126114
zohocorpmanageengine_network_configuration_manager
12.6:build126115
zohocorpmanageengine_network_configuration_manager
12.6:build126116
zohocorpmanageengine_network_configuration_manager
12.6:build126117
zohocorpmanageengine_opmanager
12.5:build125450
zohocorpmanageengine_opmanager
12.5:build125451
zohocorpmanageengine_opmanager
12.5:build125452
zohocorpmanageengine_opmanager
12.5:build125453
zohocorpmanageengine_opmanager
12.5:build125455
zohocorpmanageengine_opmanager
12.5:build125456
zohocorpmanageengine_opmanager
12.5:build125664
zohocorpmanageengine_opmanager
12.6:build126000
zohocorpmanageengine_opmanager
12.6:build126001
zohocorpmanageengine_opmanager
12.6:build126100
zohocorpmanageengine_opmanager
12.6:build126101
zohocorpmanageengine_opmanager
12.6:build126102
zohocorpmanageengine_opmanager
12.6:build126103
zohocorpmanageengine_opmanager
12.6:build126113
zohocorpmanageengine_opmanager
12.6:build126114
zohocorpmanageengine_opmanager
12.6:build126115
zohocorpmanageengine_opmanager
12.6:build126116
zohocorpmanageengine_opmanager
12.6:build126117
zohocorpmanageengine_opmanager_msp
12.5:build125450
zohocorpmanageengine_opmanager_msp
12.5:build125656
zohocorpmanageengine_opmanager_msp
12.5:build125664
zohocorpmanageengine_opmanager_msp
12.6:build126000
zohocorpmanageengine_opmanager_msp
12.6:build126001
zohocorpmanageengine_opmanager_msp
12.6:build126100
zohocorpmanageengine_opmanager_msp
12.6:build126103
zohocorpmanageengine_opmanager_msp
12.6:build126113
zohocorpmanageengine_opmanager_msp
12.6:build126117
zohocorpmanageengine_opmanager_plus
12.5:build125450
zohocorpmanageengine_opmanager_plus
12.5:build125656
zohocorpmanageengine_opmanager_plus
12.5:build125664
zohocorpmanageengine_opmanager_plus
12.6:build126000
zohocorpmanageengine_opmanager_plus
12.6:build126001
zohocorpmanageengine_opmanager_plus
12.6:build126100
zohocorpmanageengine_opmanager_plus
12.6:build126103
zohocorpmanageengine_opmanager_plus
12.6:build126113
zohocorpmanageengine_opmanager_plus
12.6:build126117
zohocorpmanageengine_oputils
12.5:build125450
zohocorpmanageengine_oputils
12.5:build125451
zohocorpmanageengine_oputils
12.5:build125452
zohocorpmanageengine_oputils
12.5:build125453
zohocorpmanageengine_oputils
12.5:build125455
zohocorpmanageengine_oputils
12.5:build125456
zohocorpmanageengine_oputils
12.5:build125664
zohocorpmanageengine_oputils
12.6:build126000
zohocorpmanageengine_oputils
12.6:build126001
zohocorpmanageengine_oputils
12.6:build126100
zohocorpmanageengine_oputils
12.6:build126101
zohocorpmanageengine_oputils
12.6:build126102
zohocorpmanageengine_oputils
12.6:build126103
zohocorpmanageengine_oputils
12.6:build126113
zohocorpmanageengine_oputils
12.6:build126114
zohocorpmanageengine_oputils
12.6:build126115
zohocorpmanageengine_oputils
12.6:build126116
zohocorpmanageengine_oputils
12.6:build126117
𝑥
= Vulnerable software versions
References
https://www.manageengine.com/itom/advisory/cve-2022-37024.html
https://www.manageengine.com/itom/advisory/cve-2022-37024.html