CVE-2022-36923

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Published: Aug 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-36923
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-755

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_opmanager	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_opmanager	12.5-build125451	12.5-build125451.x
zohocorp / manageengine_opmanager	12.5-build125452	12.5-build125452.x
zohocorp / manageengine_opmanager	12.5-build125453	12.5-build125453.x
zohocorp / manageengine_opmanager	12.5-build125455	12.5-build125455.x
zohocorp / manageengine_network_configuration_manager	12.5-build125455	12.5-build125455.x
zohocorp / manageengine_opmanager	12.5-build125456	12.5-build125456.x
zohocorp / manageengine_opmanager	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_network_configuration_manager	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_firewall_analyzer	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_netflow_analyzer	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_oputils	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_oputils	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_oputils	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_oputils	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_oputils	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_oputils	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_oputils	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_oputils	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_oputils	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_oputils	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_oputils	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_oputils	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_oputils	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_oputils	12.5-build125451	12.5-build125451.x
zohocorp / manageengine_oputils	12.5-build125452	12.5-build125452.x
zohocorp / manageengine_oputils	12.5-build125453	12.5-build125453.x
zohocorp / manageengine_oputils	12.5-build125455	12.5-build125455.x
zohocorp / manageengine_oputils	12.5-build125456	12.5-build125456.x
zohocorp / manageengine_firewall_analyzer	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_firewall_analyzer	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_firewall_analyzer	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_firewall_analyzer	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_firewall_analyzer	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_firewall_analyzer	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_firewall_analyzer	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_firewall_analyzer	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_firewall_analyzer	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_firewall_analyzer	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_firewall_analyzer	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_firewall_analyzer	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_firewall_analyzer	12.5-build125451	12.5-build125451.x
zohocorp / manageengine_firewall_analyzer	12.5-build125452	12.5-build125452.x
zohocorp / manageengine_firewall_analyzer	12.5-build125453	12.5-build125453.x
zohocorp / manageengine_firewall_analyzer	12.5-build125455	12.5-build125455.x
zohocorp / manageengine_firewall_analyzer	12.5-build125456	12.5-build125456.x
zohocorp / manageengine_netflow_analyzer	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_netflow_analyzer	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_netflow_analyzer	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_netflow_analyzer	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_netflow_analyzer	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_netflow_analyzer	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_netflow_analyzer	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_netflow_analyzer	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_netflow_analyzer	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_netflow_analyzer	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_netflow_analyzer	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_netflow_analyzer	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_netflow_analyzer	12.5-build125451	12.5-build125451.x
zohocorp / manageengine_netflow_analyzer	12.5-build125452	12.5-build125452.x
zohocorp / manageengine_netflow_analyzer	12.5-build125453	12.5-build125453.x
zohocorp / manageengine_netflow_analyzer	12.5-build125455	12.5-build125455.x
zohocorp / manageengine_netflow_analyzer	12.5-build125456	12.5-build125456.x
zohocorp / manageengine_network_configuration_manager	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_network_configuration_manager	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_network_configuration_manager	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_network_configuration_manager	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_network_configuration_manager	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_network_configuration_manager	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_network_configuration_manager	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_network_configuration_manager	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_network_configuration_manager	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_network_configuration_manager	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_network_configuration_manager	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_network_configuration_manager	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_network_configuration_manager	12.5-build125451	12.5-build125451.x
zohocorp / manageengine_network_configuration_manager	12.5-build125452	12.5-build125452.x
zohocorp / manageengine_network_configuration_manager	12.5-build125453	12.5-build125453.x
zohocorp / manageengine_network_configuration_manager	12.5-build125456	12.5-build125456.x
zohocorp / manageengine_opmanager	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager	12.6-build126114	12.6-build126114.x
zohocorp / manageengine_opmanager	12.6-build126115	12.6-build126115.x
zohocorp / manageengine_opmanager	12.6-build126116	12.6-build126116.x
zohocorp / manageengine_opmanager	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager	12.6-build126101	12.6-build126101.x
zohocorp / manageengine_opmanager	12.6-build126102	12.6-build126102.x
zohocorp / manageengine_opmanager	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_opmanager	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager_msp	12.5-build125656	12.5-build125656.x
zohocorp / manageengine_opmanager_msp	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_opmanager_msp	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_opmanager_plus	12.6-build126000	12.6-build126000.x
zohocorp / manageengine_opmanager_plus	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager_plus	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager_plus	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager_plus	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager_plus	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager_plus	12.5-build125656	12.5-build125656.x
zohocorp / manageengine_opmanager_plus	12.5-build125664	12.5-build125664.x
zohocorp / manageengine_opmanager_plus	12.5-build125450	12.5-build125450.x
zohocorp / manageengine_opmanager_msp	12.6-build126117	12.6-build126117.x
zohocorp / manageengine_opmanager_msp	12.6-build126113	12.6-build126113.x
zohocorp / manageengine_opmanager_msp	12.6-build126103	12.6-build126103.x
zohocorp / manageengine_opmanager_msp	12.6-build126100	12.6-build126100.x
zohocorp / manageengine_opmanager_msp	12.6-build126001	12.6-build126001.x
zohocorp / manageengine_opmanager_msp	12.6-build126000	12.6-build126000.x

https://www.manageengine.com/itom/advisory/cve-2022-36923.html

Vulnerability Database

289,697

CVE-2022-36923