Vulnerabilities > CVE-2022-38772 - Unspecified vulnerability in Zohocorp products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zohocorp

NVD

Published: 2022-08-29

Updated: 2022-09-02

Summary

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Opmanager 12.5 Zohocorp Manageengine Opmanager 12.6 Zohocorp Manageengine Network Configuration Manager 12.5 Zohocorp Manageengine Network Configuration Manager 12.6 Zohocorp Manageengine Netflow Analyzer 12.5 Zohocorp Manageengine Netflow Analyzer 12.6 Zohocorp Manageengine Oputils 12.6 Zohocorp Manageengine Oputils 12.5 Zohocorp Manageengine Opmanager MSP 12.5 Zohocorp Manageengine Opmanager MSP 12.6 Zohocorp Manageengine Opmanager Plus 12.6 Zohocorp Manageengine Opmanager Plus 12.5	208

Summary

Vulnerable Configurations

References