Vulnerability Details CVE-2022-36923
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.4%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-36923
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6
-
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5
-
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6
-
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5
-
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6
-
cpe:2.3:a:zohocorp:manageengine_oputils:12.5
-
cpe:2.3:a:zohocorp:manageengine_oputils:12.6