Vulnerabilities > CVE-2022-36923 - Improper Handling of Exceptional Conditions vulnerability in Zohocorp products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zohocorp

CWE-755

NVD

Published: 2022-08-10

Updated: 2022-08-16

Summary

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Opmanager 12.5 Zohocorp Manageengine Opmanager 12.6 Zohocorp Manageengine Network Configuration Manager 12.5 Zohocorp Manageengine Network Configuration Manager 12.6 Zohocorp Manageengine Firewall Analyzer 12.5 Zohocorp Manageengine Firewall Analyzer 12.6 Zohocorp Manageengine Netflow Analyzer 12.5 Zohocorp Manageengine Netflow Analyzer 12.6 Zohocorp Manageengine Oputils 12.6 Zohocorp Manageengine Oputils 12.5 Zohocorp Manageengine Opmanager MSP 12.5 Zohocorp Manageengine Opmanager MSP 12.6 Zohocorp Manageengine Opmanager Plus 12.6 Zohocorp Manageengine Opmanager Plus 12.5	108

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://www.manageengine.com/itom/advisory/cve-2022-36923.html