CVE-2022-38772
critical-risk
Published 2022-08-29
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
Do I need to act?
!
39.1% chance of exploitation in next 30 days
EPSS score — higher than 61% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Affected Vendors
References (4)
Vendor Advisory
https://manageengine.com
Vendor Advisory
https://www.manageengine.com/itom/advisory/cve-2022-38772.html
Vendor Advisory
https://manageengine.com
Vendor Advisory
https://www.manageengine.com/itom/advisory/cve-2022-38772.html
80
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
17/34 · Moderate
Exposure
33/34 · Critical