Vulnerability Details CVE-2022-37024
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.615
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-37024
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5
-
cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6
-
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5
-
cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6
-
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5
-
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5
-
cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6
-
cpe:2.3:a:zohocorp:manageengine_oputils:12.5
-
cpe:2.3:a:zohocorp:manageengine_oputils:12.6