Vulnerabilities related to ManageEngine - OpManager
cve-2024-36038
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
ManageEngine | OpManager |
Version: 128234 cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128248:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T13:18:09.910935Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-24T13:18:16.339Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:30:12.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.manageengine.com/itom/advisory/cve-2024-36038.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://www.manageengine.com/network-monitoring/download.html", "cpes": [ "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.8:build128248:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "platforms": [ "Windows", "Linux" ], "product": "OpManager", "vendor": "ManageEngine", "versions": [ { "lessThan": "128248", "status": "affected", "version": "128234", "versionType": "128248" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Zoho ManageEngine ITOM products versions from\u0026nbsp;128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option." } ], "value": "Zoho ManageEngine ITOM products versions from\u00a0128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option." 
} ], "impacts": [ { "capecId": "CAPEC-592", "descriptions": [ { "lang": "en", "value": "CAPEC-592 Stored XSS" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-24T11:45:11.075Z", "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine" }, "references": [ { "url": "https://www.manageengine.com/itom/advisory/cve-2024-36038.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Stored XSS", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "assignerShortName": "ManageEngine", "cveId": "CVE-2024-36038", "datePublished": "2024-06-24T11:45:11.075Z", "dateReserved": "2024-05-17T19:23:57.540Z", "dateUpdated": "2024-08-02T03:30:12.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47211
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
ManageEngine | OpManager |
Version: 12.7.258 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851" }, { "name": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html", "tags": [ "x_transferred" ], "url": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpManager", "vendor": "ManageEngine", "versions": [ { "status": "affected", "version": "12.7.258" } ] } ], "credits": [ { "lang": "en", "value": "Discovered by Marcin \u0026#39;Icewall\u0026#39; Noga of Cisco Talos." } ], "descriptions": [ { "lang": "en", "value": "A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T18:00:25.765Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1851" }, { "name": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html", "url": "https://www.manageengine.com/itom/advisory/cve-2023-47211.html" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2023-47211", "datePublished": "2024-01-08T14:45:37.183Z", "dateReserved": "2023-11-07T15:35:52.521Z", "dateUpdated": "2024-08-02T21:01:22.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-19554
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:15:27.799Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager \u003c=12.5.174 when the API key contains an XML-based XSS payload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-21T19:07:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-19554", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager \u003c=12.5.174 when the API key contains an XML-based XSS payload." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177", "refsource": "MISC", "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-19554", "datePublished": "2021-09-21T19:07:47", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:15:27.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5891
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/26368 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/27456 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/38437 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38314 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:47:00.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26368", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26368" }, { "name": "27456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27456" }, { "name": "38437", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/38437" }, { "name": "manageengine-opmanager-login-xss(38314)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38314" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-11-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26368", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26368" }, { "name": "27456", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27456" }, { "name": "38437", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/38437" }, { "name": "manageengine-opmanager-login-xss(38314)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38314" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5891", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26368" }, { "name": "27456", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27456" }, { "name": "38437", "refsource": "OSVDB", "url": "http://osvdb.org/38437" }, { "name": "manageengine-opmanager-login-xss(38314)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38314" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5891", "datePublished": "2007-11-08T02:00:00", "dateReserved": "2007-11-07T00:00:00", "dateUpdated": "2024-08-07T15:47:00.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-43473
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
ManageEngine | OpManager |
Version: 12.6.168 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:32:59.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1685" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685" }, { "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "tags": [ "x_transferred" ], "url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-43473", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-11T19:13:55.362515Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-11T19:14:03.416Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "OpManager", "vendor": "ManageEngine", "versions": [ { "status": "affected", "version": " 12.6.168" } ] } ], "descriptions": [ { "lang": "en", "value": "A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve \r\na malicious XML payload to trigger this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-30T16:28:35.983Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1685" }, { "name": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html", "url": "https://www.manageengine.com/itom/advisory/cve-2022-43473.html" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2022-43473", "datePublished": "2023-03-30T16:28:35.983Z", "dateReserved": "2022-12-05T20:53:36.058Z", "dateUpdated": "2025-02-11T19:14:03.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6748
Vulnerability from cvelistv5
Vendor | Product | Version | ||
---|---|---|---|---|
ManageEngine | OpManager |
Version: 0 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "manageengine_opmanager", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "128317", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "manageengine_opmanager_plus", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "128317", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "manageengine_opmanager_msp", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "128317", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:zohocorp:manageengine_opmanager_rmm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "manageengine_opmanager_rmm", "vendor": "zohocorp", "versions": [ { "lessThanOrEqual": "128317", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6748", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-29T17:36:02.818649Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T20:22:16.154Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:41:04.605Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.manageengine.com/itom/advisory/cve-2024-6748.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": 
"https://www.manageengine.com/", "defaultStatus": "unaffected", "product": "OpManager", "vendor": "ManageEngine", "versions": [ { "lessThanOrEqual": "128317", "status": "affected", "version": "0", "versionType": "128317" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Zohocorp ManageEngine\u0026nbsp;OpManager, OpManager Plus, OpManager MSP and RMM versions\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e128317 and below are vulnerable to authenticated SQL injection in the URL monitoring.\u003c/span\u003e\u003cbr\u003e" } ], "value": "Zohocorp ManageEngine\u00a0OpManager, OpManager Plus, OpManager MSP and RMM versions\u00a0128317 and below are vulnerable to authenticated SQL injection in the URL monitoring." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-29T16:20:16.449Z", "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "shortName": "ManageEngine" }, "references": [ { "url": "https://www.manageengine.com/itom/advisory/cve-2024-6748.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "SQL Injection", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02", "assignerShortName": "ManageEngine", "cveId": "CVE-2024-6748", "datePublished": 
"2024-07-29T16:20:16.449Z", "dateReserved": "2024-07-15T11:48:13.177Z", "dateUpdated": "2024-08-01T21:41:04.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
manageengine | opmanager | 7.0 | |
manageengine | opmanager_msp | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:manageengine:opmanager:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7432EDDE-FD11-4DFC-AD85-2DE9225EA122", "vulnerable": true }, { "criteria": "cpe:2.3:a:manageengine:opmanager_msp:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CC032E3-C0CC-440D-81EF-D0B1F3542A62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en jsp/Login.do de ManageEngien OpManager MSP Edition y OpManager 7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros 1) requestid, (2) fileid, (3) woMode, y (2) woID. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles se han obtenido exclusivamente de informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-5891", "lastModified": "2024-11-21T00:38:53.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-11-08T02:46:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/38437" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27456" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26368" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38437" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26368" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38314" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
manageengine | opmanager | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:manageengine:opmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA448B0F-C506-4537-8EDE-7FC13450A819", "versionEndIncluding": "12.5.174", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager \u003c=12.5.174 when the API key contains an XML-based XSS payload." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en ManageEngine OPManager versiones anteriores a 12.5.174 incluy\u00e9ndola, cuando la clave API contiene una carga \u00fatil XSS basada en XML" } ], "id": "CVE-2020-19554", "lastModified": "2024-11-21T05:09:14.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-09-21T20:15:07.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": 
"https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125177" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-202208-0895
Vulnerability from variot
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. Unspecified vulnerabilities exist in Zoho Corporation's ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer. Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. Authentication is required to exploit this vulnerability. The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ZOHO ManageEngine OpManager and the related products are all products of ZOHO India. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0895", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "manageengine opmanager msp", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine network configuration manager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager msp", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": 
"12.5" }, { "model": "manageengine oputils", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine netflow analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine firewall analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine opmanager plus", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine netflow analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager plus", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine firewall analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine network configuration manager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine oputils", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine netflow analyzer", "scope": null, "trust": 0.8, "vendor": "zoho", "version": null }, { "model": "manageengine firewall analyzer", "scope": null, "trust": 0.8, "vendor": "zoho", "version": null }, { "model": "opmanager plus", "scope": null, "trust": 0.7, "vendor": "manageengine", "version": null }, { "model": "netflow analyzer", "scope": null, "trust": 0.7, "vendor": "manageengine", "version": null }, { "model": "opmanager", "scope": null, "trust": 0.7, "vendor": "manageengine", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "NVD", "id": 
"CVE-2022-37024" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" } ], "trust": 2.1 }, "cve": "CVE-2022-37024", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-37024", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-37024", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" 
}, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-37024", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-37024", "trust": 2.1, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-37024", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-37024", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202208-2746", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "db": "NVD", "id": "CVE-2022-37024" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. Zoho Corporation of ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. 
Authentication is required to exploit this vulnerability.The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software", "sources": [ { "db": "NVD", "id": "CVE-2022-37024" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "VULHUB", "id": "VHN-427595" }, { "db": "VULMON", "id": "CVE-2022-37024" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-37024", "trust": 5.5 }, { "db": "JVNDB", "id": "JVNDB-2022-014728", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-17695", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1184", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-17697", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1183", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-17696", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1179", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202208-2746", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-427595", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-37024", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": 
"VULHUB", "id": "VHN-427595" }, { "db": "VULMON", "id": "CVE-2022-37024" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "db": "NVD", "id": "CVE-2022-37024" } ] }, "id": "VAR-202208-0895", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-427595" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T15:06:14.234000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ManageEngine has issued an update to correct this vulnerability.", "trust": 2.1, "url": "https://www.manageengine.com/itom/advisory/cve-2022-37024.html" }, { "title": "Multiple ZOHO ManageEngine Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204577" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "CNNVD", "id": "CNNVD-202208-2746" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "NVD", "id": "CVE-2022-37024" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.7, "url": 
"https://www.manageengine.com/itom/advisory/cve-2022-37024.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-37024" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-37024/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "VULHUB", "id": "VHN-427595" }, { "db": "VULMON", "id": "CVE-2022-37024" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "db": "NVD", "id": "CVE-2022-37024" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-1184" }, { "db": "ZDI", "id": "ZDI-22-1183" }, { "db": "ZDI", "id": "ZDI-22-1179" }, { "db": "VULHUB", "id": "VHN-427595" }, { "db": "VULMON", "id": "CVE-2022-37024" }, { "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "db": "NVD", "id": "CVE-2022-37024" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-09-05T00:00:00", "db": "ZDI", "id": "ZDI-22-1184" }, { "date": "2022-09-01T00:00:00", "db": "ZDI", "id": "ZDI-22-1183" }, { "date": "2022-09-01T00:00:00", "db": "ZDI", "id": "ZDI-22-1179" }, { "date": "2022-08-10T00:00:00", "db": "VULHUB", "id": "VHN-427595" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-37024" }, { "date": "2023-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "date": "2022-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "date": "2022-08-10T20:16:05.147000", "db": "NVD", "id": "CVE-2022-37024" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2022-09-05T00:00:00", "db": "ZDI", "id": "ZDI-22-1184" }, { "date": "2022-09-01T00:00:00", "db": "ZDI", "id": "ZDI-22-1183" }, { "date": "2022-09-01T00:00:00", "db": "ZDI", "id": "ZDI-22-1179" }, { "date": "2022-08-16T00:00:00", "db": "VULHUB", "id": "VHN-427595" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-37024" }, { "date": "2023-09-21T08:08:00", "db": "JVNDB", "id": "JVNDB-2022-014728" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2746" }, { "date": "2022-08-16T16:01:57.027000", "db": "NVD", "id": "CVE-2022-37024" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2746" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zoho\u00a0Corporation\u00a0 of \u00a0ManageEngine\u00a0Firewall\u00a0Analyzer\u00a0 and \u00a0ManageEngine\u00a0NetFlow\u00a0Analyzer\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014728" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2746" } ], "trust": 0.6 } }
var-202208-0863
Vulnerability from variot
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. Zoho Corporation's ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer contain a vulnerability in the handling of exceptional conditions. Information may be obtained. This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a comprehensive network monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software. This description merges text from several source databases (NVD, JVNDB, ZDI), which is why the impact is stated both as information disclosure and as authentication bypass and why the CVSS scores recorded below differ by source; the record's patch entry points to the vendor advisory at https://www.manageengine.com/itom/advisory/cve-2022-36923.html.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0863", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "opmanager", "scope": null, "trust": 1.4, "vendor": "manageengine", "version": null }, { "model": "manageengine opmanager msp", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine network configuration manager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { 
"model": "manageengine opmanager msp", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine oputils", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine netflow analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine firewall analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine opmanager plus", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine netflow analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager plus", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine firewall analyzer", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine opmanager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.6" }, { "model": "manageengine network configuration manager", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine oputils", "scope": "eq", "trust": 1.0, "vendor": "zohocorp", "version": "12.5" }, { "model": "manageengine netflow analyzer", "scope": null, "trust": 0.8, "vendor": "zoho", "version": null }, { "model": "manageengine firewall analyzer", "scope": null, "trust": 0.8, "vendor": "zoho", "version": null }, { "model": "netflow analyzer", "scope": null, "trust": 0.7, "vendor": "manageengine", "version": null }, { "model": "network configuration manager", "scope": null, "trust": 0.7, "vendor": "manageengine", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "JVNDB", "id": 
"JVNDB-2022-014729" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Anonymous", "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" } ], "trust": 2.8 }, "cve": "CVE-2022-36923", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-36923", "impactScore": 5.5, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.1, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-36923", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": 
"NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-36923", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2022-36923", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-36923", "trust": 2.8, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-36923", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-36923", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202208-2747", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 
2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user\u0027s API key, and then access external APIs. Zoho Corporation\u0027s ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer contain a vulnerability in the handling of exceptional conditions. Information may be obtained. This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a comprehensive network monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. 
ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software", "sources": [ { "db": "NVD", "id": "CVE-2022-36923" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "VULHUB", "id": "VHN-427594" }, { "db": "VULMON", "id": "CVE-2022-36923" } ], "trust": 4.32 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-36923", "trust": 6.2 }, { "db": "JVNDB", "id": "JVNDB-2022-014729", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18088", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1122", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18089", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1121", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-18087", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1120", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-17698", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-1119", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202208-2747", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-427594", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-36923", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "VULHUB", "id": "VHN-427594" }, { "db": "VULMON", "id": "CVE-2022-36923" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "id": "VAR-202208-0863", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-427594" } ], "trust": 0.01 }, "last_update_date": "2024-08-14T14:37:21.646000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "ManageEngine has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html" }, { "title": "Multiple ZOHO ManageEngine Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=204578" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "CNNVD", "id": "CNNVD-202208-2747" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.1 }, { "problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-427594" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 5.4, "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36923" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-36923/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { 
"db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "VULHUB", "id": "VHN-427594" }, { "db": "VULMON", "id": "CVE-2022-36923" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-1122" }, { "db": "ZDI", "id": "ZDI-22-1121" }, { "db": "ZDI", "id": "ZDI-22-1120" }, { "db": "ZDI", "id": "ZDI-22-1119" }, { "db": "VULHUB", "id": "VHN-427594" }, { "db": "VULMON", "id": "CVE-2022-36923" }, { "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "db": "NVD", "id": "CVE-2022-36923" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1122" }, { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1121" }, { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1120" }, { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1119" }, { "date": "2022-08-10T00:00:00", "db": "VULHUB", "id": "VHN-427594" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36923" }, { "date": "2023-09-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "date": "2022-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "date": "2022-08-10T20:16:03.343000", "db": "NVD", "id": "CVE-2022-36923" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1122" }, { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1121" }, { "date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1120" }, { 
"date": "2022-08-18T00:00:00", "db": "ZDI", "id": "ZDI-22-1119" }, { "date": "2022-08-16T00:00:00", "db": "VULHUB", "id": "VHN-427594" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36923" }, { "date": "2023-09-21T08:08:00", "db": "JVNDB", "id": "JVNDB-2022-014729" }, { "date": "2022-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2747" }, { "date": "2022-08-16T16:01:19.867000", "db": "NVD", "id": "CVE-2022-36923" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2747" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zoho\u00a0Corporation\u00a0 of \u00a0ManageEngine\u00a0Firewall\u00a0Analyzer\u00a0 and \u00a0ManageEngine\u00a0NetFlow\u00a0Analyzer\u00a0 Vulnerability in handling exceptional conditions in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014729" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2747" } ], "trust": 0.6 } }