Vulnerability Details CVE-2022-27964
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.9
References
- https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xmanager-CreateProcessW-Misuse-Binary-Hijack
- https://www.netsarang.com/en/xmanager-update-history/
- https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xmanager-CreateProcessW-Misuse-Binary-Hijack
- https://www.netsarang.com/en/xmanager-update-history/
Products affected by CVE-2022-27964
-
cpe:2.3:a:netsarang:xmanager:3.0.127
-
cpe:2.3:a:netsarang:xmanager:3.0.218
-
cpe:2.3:a:netsarang:xmanager:4.0.165
-
cpe:2.3:o:microsoft:windows:-