CVE-2022-42904

Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
zohocorpmanageengine_admanager_plus
𝑥
< 7.1
zohocorpmanageengine_admanager_plus
7.1
zohocorpmanageengine_admanager_plus
7.1:7100
zohocorpmanageengine_admanager_plus
7.1:7101
zohocorpmanageengine_admanager_plus
7.1:7102
zohocorpmanageengine_admanager_plus
7.1:7110
zohocorpmanageengine_admanager_plus
7.1:7111
zohocorpmanageengine_admanager_plus
7.1:7112
zohocorpmanageengine_admanager_plus
7.1:7113
zohocorpmanageengine_admanager_plus
7.1:7114
zohocorpmanageengine_admanager_plus
7.1:7115
zohocorpmanageengine_admanager_plus
7.1:7116
zohocorpmanageengine_admanager_plus
7.1:7117
zohocorpmanageengine_admanager_plus
7.1:7118
zohocorpmanageengine_admanager_plus
7.1:7120
zohocorpmanageengine_admanager_plus
7.1:7121
zohocorpmanageengine_admanager_plus
7.1:7122
zohocorpmanageengine_admanager_plus
7.1:7123
zohocorpmanageengine_admanager_plus
7.1:7124
zohocorpmanageengine_admanager_plus
7.1:7125
zohocorpmanageengine_admanager_plus
7.1:7126
zohocorpmanageengine_admanager_plus
7.1:7130
zohocorpmanageengine_admanager_plus
7.1:7131
zohocorpmanageengine_admanager_plus
7.1:7140
zohocorpmanageengine_admanager_plus
7.1:7141
zohocorpmanageengine_admanager_plus
7.1:7150
zohocorpmanageengine_admanager_plus
7.1:7151
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2022-42904.html