Search criteria
10 vulnerabilities found for ManageEngine OpManager by Zohocorp
CVE-2025-9227 (GCVE-0-2025-9227)
Vulnerability from cvelistv5 – Published: 2025-11-11 13:29 – Updated: 2025-11-12 20:03
VLAI?
Summary
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zohocorp | ManageEngine OpManager |
Affected:
0 , ≤ 128609
(128609)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:52.649415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:03:46.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine OpManager",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "128609",
"status": "affected",
"version": "0",
"versionType": "128609"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "128609",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor."
}
],
"value": "Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T13:29:32.185Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/itom/advisory/cve-2025-9227.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-9227",
"datePublished": "2025-11-11T13:29:32.185Z",
"dateReserved": "2025-08-20T07:21:52.488Z",
"dateUpdated": "2025-11-12T20:03:46.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9227 (GCVE-0-2025-9227)
Vulnerability from nvd – Published: 2025-11-11 13:29 – Updated: 2025-11-12 20:03
VLAI?
Summary
Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
Severity ?
6.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zohocorp | ManageEngine OpManager |
Affected:
0 , ≤ 128609
(128609)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T14:54:52.649415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:03:46.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine OpManager",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "128609",
"status": "affected",
"version": "0",
"versionType": "128609"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "128609",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor."
}
],
"value": "Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T13:29:32.185Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/itom/advisory/cve-2025-9227.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-9227",
"datePublished": "2025-11-11T13:29:32.185Z",
"dateReserved": "2025-08-20T07:21:52.488Z",
"dateUpdated": "2025-11-12T20:03:46.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201806-1164
Vulnerability from variot - Updated: 2024-02-13 22:38A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html
========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me
========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123147"
},
{
"model": "manageengine netflow analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123137"
},
{
"model": "manageengine network configuration manager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123128"
},
{
"model": "manageengine opmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123148"
},
{
"model": "manageengine oputils",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123161"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "oputils",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "opmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaotian Wang",
"sources": [
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 0.1
},
"cve": "CVE-2018-12998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-12998",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-123013",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-12998",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12998",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-123013",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-12998",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter \u0027operation\u0027 to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. plural Zoho ManageEngine The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. There are cross-site scripting vulnerabilities in many ZOHO products. This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html\n\n\n==========================\nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability\nAuthor: M3 From DBAppSecurity\nAffected Version: All\n==========================\nProof of Concept:\n==========================\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\n\n\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me\n\n\n==========================\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\nAuthor: M3 From DBAppSecurity\nAffected Products:\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\n==========================\nProof of Concept:\n==========================\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\n\n\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n\n\n\n\n==========================\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\nAuthor: M3 From DBAppSecurity\nAffected Products:Desktop Central\n==========================\nProof of Concept:\n==========================\n\n\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\n\n\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12998",
"trust": 2.7
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036",
"trust": 2.4
},
{
"db": "PACKETSTORM",
"id": "148635",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785",
"trust": 0.8
},
{
"db": "VULHUB",
"id": "VHN-123013",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12998",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"id": "VAR-201806-1164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123013"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:38:58.124000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.manageengine.com/"
},
{
"title": "Multiple ZOHO Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81655"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/unh3x/just4cve/issues/10"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2018/jul/75"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html"
},
{
"trust": 1.8,
"url": "http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-036"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12998"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12998"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12999"
},
{
"trust": 0.1,
"url": "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"trust": 0.1,
"url": "http://opmanager.helpdocsonline.com/read-me"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12996"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123013"
},
{
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-123013"
},
{
"date": "2018-06-29T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"date": "2018-07-22T17:22:56",
"db": "PACKETSTORM",
"id": "148635"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"date": "2018-06-29T12:29:00.500000",
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-20T00:00:00",
"db": "VULHUB",
"id": "VHN-123013"
},
{
"date": "2023-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12998"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006785"
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-036"
},
{
"date": "2023-12-07T20:06:40.657000",
"db": "NVD",
"id": "CVE-2018-12998"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zoho ManageEngine Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006785"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-036"
}
],
"trust": 0.7
}
}
VAR-201906-1243
Vulnerability from variot - Updated: 2023-12-18 14:05Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus. plural Zoho ManageEngine The product contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZOHO ManageEngine Desktop Central (DC) and so on are all products of ZOHO Company of the United States. ManageEngine Desktop Central is a desktop management solution. ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software (ITSM) based on ITIL architecture. ZOHO ManageEngine EventLog Analyzer is a set of system and event log analysis software. There are authorization problem vulnerabilities in many ZOHO products. The vulnerability is caused by the program assigning incorrect permissions to the \%SYSTEMDRIVE\%ManageEngine directory and its subfolders
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine key manager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "5.6"
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "11.0"
},
{
"model": "manageengine servicedesk plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "10.0.0"
},
{
"model": "manageengine patch manager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "9.0.0"
},
{
"model": "manageengine supportcenter plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "8.1"
},
{
"model": "manageengine firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.0"
},
{
"model": "manageengine password manager pro",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "9.9"
},
{
"model": "manageengine vulnerability manager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "9.0.0"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.3"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "11.0"
},
{
"model": "manageengine eventlog analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.0.2"
},
{
"model": "manageengine analytics plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "1.0"
},
{
"model": "manageengine patch connect plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "9.0.0"
},
{
"model": "manageengine o365 manager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "4.0"
},
{
"model": "manageengine mobile device manager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "9.0.0"
},
{
"model": "manageengine browser security plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "11.0"
},
{
"model": "manageengine desktop central",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "10.0.380"
},
{
"model": "manageengine analytics plus",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "1.0"
},
{
"model": "manageengine browser security plus",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine desktop central",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "10.0.380"
},
{
"model": "manageengine eventlog analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "12.0.2"
},
{
"model": "manageengine firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "12.0"
},
{
"model": "manageengine key manager plus",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "5.6"
},
{
"model": "manageengine mobile device manager plus",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "9.0.0"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "11.0"
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "11.0"
},
{
"model": "manageengine o365 manager plus",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_mobile_device_manager_plus:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_patch_connect_plus:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:9.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_eventlog_analyzer:12.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_desktop_central:10.0.380:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:9.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12133"
}
]
},
"cve": "CVE-2019-12133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-12133",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-143849",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-12133",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-12133",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-717",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-143849",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143849"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0, SupportCenter Plus 8.1, O365 Manager Plus 4.0, Mobile Device Manager Plus 9.0.0, Patch Connect Plus 9.0.0, Vulnerability Manager Plus 9.0.0, Patch Manager Plus 9.0.0, OpManager 12.3, NetFlow Analyzer 11.0, OpUtils 11.0, Network Configuration Manager 11.0, FireWall 12.0, Key Manager Plus 5.6, Password Manager Pro 9.9, Analytics Plus 1.0, and Browser Security Plus. plural Zoho ManageEngine The product contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZOHO ManageEngine Desktop Central (DC) and so on are all products of ZOHO Company of the United States. ManageEngine Desktop Central is a desktop management solution. ZOHO ManageEngine ServiceDesk Plus is a set of IT service management software (ITSM) based on ITIL architecture. ZOHO ManageEngine EventLog Analyzer is a set of system and event log analysis software. There are authorization problem vulnerabilities in many ZOHO products. The vulnerability is caused by the program assigning incorrect permissions to the \\\\%SYSTEMDRIVE\\\\%ManageEngine directory and its subfolders",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "VULHUB",
"id": "VHN-143849"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12133",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-143849",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143849"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"id": "VAR-201906-1243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-143849"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:07.736000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Elevation of Privilege",
"trust": 0.8,
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"title": "Multiple ZOHO Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=93902"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "CWE-275",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143849"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.manageengine.com/products/desktop-central/elevation-of-privilege-vulnerability.html"
},
{
"trust": 1.7,
"url": "https://github.com/active-labs/advisories/blob/master/2019/active-2019-007.md"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12133"
},
{
"trust": 1.4,
"url": "https://github.com/active-labs/advisories/blob/master/active-2019-007.md"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12133"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-143849"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-143849"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-18T00:00:00",
"db": "VULHUB",
"id": "VHN-143849"
},
{
"date": "2019-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"date": "2019-06-18T22:15:12.027000",
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"date": "2019-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-143849"
},
{
"date": "2019-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005620"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-12133"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zoho ManageEngine Product permission vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005620"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-717"
}
],
"trust": 0.6
}
}
VAR-202207-1110
Vulnerability from variot - Updated: 2023-12-18 14:03ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. ManageEngine OpManager , manageengine network configuration manager , ManageEngine NetFlow Analyzer etc. multiple Zoho Corporation The product contains an input validation vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202207-1110",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine netflow analyzer",
"scope": "lt",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine network configuration manager",
"scope": "lt",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine netflow analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine opmanager",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125233:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125312:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125323:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125324:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125326:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125328:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125110:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125111:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125112:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125118:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125120:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125123:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125124:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125125:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125136:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125137:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125139:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125140:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125143:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125144:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125145:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125156:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125157:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125158:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125159:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125161:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125163:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125174:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125175:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125176:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125177:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125178:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125180:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125181:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125192:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125193:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125194:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125195:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125196:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125197:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125198:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125201:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125204:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125214:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125215:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125216:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125228:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125229:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125230:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125231:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125232:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125329:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125340:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125341:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125342:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125343:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125344:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125346:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125358:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125359:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125360:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125361:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125362:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125364:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125366:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125367:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125375:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125376:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125377:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125378:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125379:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125380:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125381:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125382:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125386:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125392:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125393:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125394:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125397:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125398:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125399:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125405:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125410:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125411:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125413:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125414:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125415:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125416:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125417:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125420:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125428:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125430:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125431:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125432:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125433:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125434:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125437:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125446:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125448:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125466:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125467:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125468:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125469:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125470:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125482:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125483:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125485:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125486:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125487:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125488:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125489:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125568:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125587:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125588:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125589:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125645:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125648:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125649:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125651:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125652:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125653:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125654:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125657:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125457:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125476:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125567:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125597:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125598:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125599:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125601:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125603:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125604:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125605:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125611:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125612:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125613:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125614:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125615:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125616:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125617:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125628:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125629:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125630:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125631:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125632:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125634:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125635:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125638:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125436:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125469:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125471:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125475:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125482:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125483:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125485:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125488:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125490:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125565:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125568:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125583:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125584:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125598:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125612:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125615:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125617:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125646:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125650:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125447:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125429:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125412:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125399:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125393:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125381:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125376:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125362:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125357:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125329:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125323:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125232:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125217:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125200:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125180:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125179:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125160:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125149:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125647:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125129:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125125:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125120:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125109:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125648:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125647:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125621:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125615:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125605:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125582:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125568:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125557:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125490:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125488:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125485:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125484:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125483:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125482:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125475:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125467:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125459:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125464:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125447:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125429:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125410:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125399:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125381:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125376:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125362:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125361:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125357:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125329:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125323:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125232:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125221:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125217:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125213:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125212:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125200:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125194:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125180:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125179:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125160:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125150:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125149:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125141:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125125:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125122:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125120:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125109:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125108:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125142:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35404"
}
]
},
"cve": "CVE-2022-35404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-35404",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-35404",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-1467",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. ManageEngine OpManager , manageengine network configuration manager , ManageEngine NetFlow Analyzer etc. multiple Zoho Corporation The product contains an input validation vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "VULHUB",
"id": "VHN-431725"
},
{
"db": "VULMON",
"id": "CVE-2022-35404"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-35404",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1467",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-431725",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-35404",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-431725"
},
{
"db": "VULMON",
"id": "CVE-2022-35404"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"id": "VAR-202207-1110",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-431725"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:03:51.684000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ZOHO ManageEngine Password Manager Pro Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=201957"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "Inappropriate input confirmation (CWE-20) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-400",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-431725"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://manageengine.com"
},
{
"trust": 2.6,
"url": "https://www.manageengine.com/itom/advisory/cve-2022-35404.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35404"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-35404/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-431725"
},
{
"db": "VULMON",
"id": "CVE-2022-35404"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-431725"
},
{
"db": "VULMON",
"id": "CVE-2022-35404"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-431725"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-35404"
},
{
"date": "2023-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"date": "2022-07-18T13:15:10.510000",
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-431725"
},
{
"date": "2022-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2022-35404"
},
{
"date": "2023-09-11T08:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-013645"
},
{
"date": "2023-08-08T14:22:24.967000",
"db": "NVD",
"id": "CVE-2022-35404"
},
{
"date": "2022-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Zoho\u00a0Corporation\u00a0 Product input verification vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-013645"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-1467"
}
],
"trust": 0.6
}
}
VAR-201911-1328
Vulnerability from variot - Updated: 2023-12-18 13:23Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. Zoho ManageEngine OpManager and Firewall Analyzer Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both ZOHO ManageEngine OpManager and ZOHO ManageEngine Firewall Analyzer are products of ZOHO, an American company. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools, which can collect, correlate, analyze and report logs on firewalls, proxy servers and Radius servers throughout the enterprise. There are security vulnerabilities in ZOHO ManageEngine OpManager version 12.4.072 and ZOHO ManageEngine Firewall Analyzer version 12.4.072
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": "12.4"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": "12.4"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "12.4.072"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 0.8,
"vendor": "zoho",
"version": "12.4.072"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.4:124072:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.4:build124072:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17421"
}
]
},
"cve": "CVE-2019-17421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-17421",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-149666",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-17421",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17421",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1252",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149666",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. Zoho ManageEngine OpManager and Firewall Analyzer Contains a vulnerability with inappropriate default permissions.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Both ZOHO ManageEngine OpManager and ZOHO ManageEngine Firewall Analyzer are products of ZOHO, an American company. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine Firewall Analyzer is a set of web-based firewall log analysis tools, which can collect, correlate, analyze and report logs on firewalls, proxy servers and Radius servers throughout the enterprise. There are security vulnerabilities in ZOHO ManageEngine OpManager version 12.4.072 and ZOHO ManageEngine Firewall Analyzer version 12.4.072",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "VULHUB",
"id": "VHN-149666"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17421",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-28461",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-149666",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"id": "VAR-201911-1328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-149666"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:30.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-17421",
"trust": 0.8,
"url": "https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-276",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.manageengine.com/products/firewall/security-updates/cve-2019-17421.html"
},
{
"trust": 1.7,
"url": "https://blog.vastart.dev/2019/11/cve-2019-17421-privilege-escalation.html"
},
{
"trust": 1.7,
"url": "https://twitter.com/va_start"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17421"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17421"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-149666"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-149666"
},
{
"date": "2019-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"date": "2019-11-21T15:15:14.790000",
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-149666"
},
{
"date": "2019-12-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012531"
},
{
"date": "2021-04-29T18:17:21.697000",
"db": "NVD",
"id": "CVE-2019-17421"
},
{
"date": "2019-12-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho ManageEngine OpManager and Firewall Analyzer Inappropriate default permission vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012531"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1252"
}
],
"trust": 0.6
}
}
VAR-202208-0863
Vulnerability from variot - Updated: 2023-12-18 13:06Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. Zoho Corporation of ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer Exists in a vulnerability in handling exceptional conditions.Information may be obtained. This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a comprehensive network monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0863",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "opmanager",
"scope": null,
"trust": 1.4,
"vendor": "manageengine",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager msp",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager msp",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine netflow analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "netflow analyzer",
"scope": null,
"trust": 0.7,
"vendor": "manageengine",
"version": null
},
{
"model": "network configuration manager",
"scope": null,
"trust": 0.7,
"vendor": "manageengine",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
}
],
"trust": 2.8
},
"cve": "CVE-2022-36923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-36923",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-36923",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-36923",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-36923",
"trust": 2.8,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-36923",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2747",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user\u0027s API key, and then access external APIs. Zoho Corporation of ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer Exists in a vulnerability in handling exceptional conditions.Information may be obtained. This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Network Configuration Manager. Authentication is not required to exploit this vulnerability.The specific flaw exists within the getUserAPIKey function. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a comprehensive network monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "VULHUB",
"id": "VHN-427594"
},
{
"db": "VULMON",
"id": "CVE-2022-36923"
}
],
"trust": 4.32
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36923",
"trust": 6.2
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18088",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1122",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18089",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1121",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-18087",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1120",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17698",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1119",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427594",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-36923",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "VULHUB",
"id": "VHN-427594"
},
{
"db": "VULMON",
"id": "CVE-2022-36923"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"id": "VAR-202208-0863",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427594"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:06:36.248000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ManageEngine has issued an update to correct this vulnerability.",
"trust": 2.8,
"url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"
},
{
"title": "Multiple ZOHO ManageEngine Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=204578"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-755",
"trust": 1.1
},
{
"problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427594"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.4,
"url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36923"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36923/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "VULHUB",
"id": "VHN-427594"
},
{
"db": "VULMON",
"id": "CVE-2022-36923"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"db": "VULHUB",
"id": "VHN-427594"
},
{
"db": "VULMON",
"id": "CVE-2022-36923"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427594"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36923"
},
{
"date": "2023-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"date": "2022-08-10T20:16:03.343000",
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1122"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1121"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1120"
},
{
"date": "2022-08-18T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1119"
},
{
"date": "2022-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-427594"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36923"
},
{
"date": "2023-09-21T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-014729"
},
{
"date": "2022-08-16T16:01:19.867000",
"db": "NVD",
"id": "CVE-2022-36923"
},
{
"date": "2022-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho\u00a0Corporation\u00a0 of \u00a0ManageEngine\u00a0Firewall\u00a0Analyzer\u00a0 and \u00a0ManageEngine\u00a0NetFlow\u00a0Analyzer\u00a0 Vulnerability in handling exceptional conditions in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014729"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2747"
}
],
"trust": 0.6
}
}
VAR-202208-0895
Vulnerability from variot - Updated: 2023-12-18 12:54Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. Zoho Corporation of ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. Authentication is required to exploit this vulnerability.The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-0895",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager msp",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine opmanager plus",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine firewall analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager msp",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.6"
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.5"
},
{
"model": "manageengine netflow analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": null,
"trust": 0.8,
"vendor": "zoho",
"version": null
},
{
"model": "opmanager plus",
"scope": null,
"trust": 0.7,
"vendor": "manageengine",
"version": null
},
{
"model": "netflow analyzer",
"scope": null,
"trust": 0.7,
"vendor": "manageengine",
"version": null
},
{
"model": "opmanager",
"scope": null,
"trust": 0.7,
"vendor": "manageengine",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125451:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125452:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125453:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125456:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125450:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125656:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125664:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126000:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37024"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
}
],
"trust": 2.1
},
"cve": "CVE-2022-37024",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2022-37024",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 2.1,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-37024",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2022-37024",
"trust": 2.1,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-37024",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-2746",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. Zoho Corporation of ManageEngine Firewall Analyzer and ManageEngine NetFlow Analyzer Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager. Authentication is required to exploit this vulnerability.The specific flaw exists within the getDNSResolveOption function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. ZOHO ManageEngine OpManager etc. are all products of ZOHO India. ZOHO ManageEngine OpManager is a set of network, server and virtualization monitoring software. ZOHO ManageEngine OpManager Plus is an IT operations management solution for Windows and Linux systems. ZOHO ManageEngine OpManager MSP is an easy-to-use network and server management software",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "VULHUB",
"id": "VHN-427595"
},
{
"db": "VULMON",
"id": "CVE-2022-37024"
}
],
"trust": 3.69
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-37024",
"trust": 5.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17695",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1184",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17697",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1183",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-17696",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-22-1179",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-427595",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-37024",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "VULHUB",
"id": "VHN-427595"
},
{
"db": "VULMON",
"id": "CVE-2022-37024"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"id": "VAR-202208-0895",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427595"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:54:51.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ManageEngine has issued an update to correct this vulnerability.",
"trust": 2.1,
"url": "https://www.manageengine.com/itom/advisory/cve-2022-37024.html"
},
{
"title": "Multiple ZOHO ManageEngine Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=204577"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.7,
"url": "https://www.manageengine.com/itom/advisory/cve-2022-37024.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-37024"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-37024/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "VULHUB",
"id": "VHN-427595"
},
{
"db": "VULMON",
"id": "CVE-2022-37024"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"db": "VULHUB",
"id": "VHN-427595"
},
{
"db": "VULMON",
"id": "CVE-2022-37024"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"date": "2022-09-01T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"date": "2022-09-01T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-427595"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37024"
},
{
"date": "2023-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"date": "2022-08-10T20:16:05.147000",
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"date": "2022-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-05T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1184"
},
{
"date": "2022-09-01T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1183"
},
{
"date": "2022-09-01T00:00:00",
"db": "ZDI",
"id": "ZDI-22-1179"
},
{
"date": "2022-08-16T00:00:00",
"db": "VULHUB",
"id": "VHN-427595"
},
{
"date": "2022-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-37024"
},
{
"date": "2023-09-21T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2022-014728"
},
{
"date": "2022-08-16T16:01:57.027000",
"db": "NVD",
"id": "CVE-2022-37024"
},
{
"date": "2022-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho\u00a0Corporation\u00a0 of \u00a0ManageEngine\u00a0Firewall\u00a0Analyzer\u00a0 and \u00a0ManageEngine\u00a0NetFlow\u00a0Analyzer\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-014728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-2746"
}
],
"trust": 0.6
}
}
VAR-201806-1163
Vulnerability from variot - Updated: 2023-12-18 12:18Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. https://www.manageengine.com/products/applications_manager/issues.html
========================== Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability Author: M3 From DBAppSecurity Affected Version: All ========================== Proof of Concept: ========================== /GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. http://opmanager.helpdocsonline.com/read-me
========================== Advisory:Zoho manageengine Arbitrary File Read in multiple Products Author: M3 From DBAppSecurity Affected Products: Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer ========================== Proof of Concept: ========================== POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
========================== Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion Author: M3 From DBAppSecurity Affected Products:Desktop Central ========================== Proof of Concept: ==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: / Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firewall analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine netflow analyzer",
"scope": "eq",
"trust": 1.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine oputils",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine network configuration manager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine opmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "zohocorp",
"version": null
},
{
"model": "manageengine firewall analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123147"
},
{
"model": "manageengine netflow analyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123137"
},
{
"model": "manageengine network configuration manager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123128"
},
{
"model": "manageengine opmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123148"
},
{
"model": "manageengine oputils",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "build 123161"
},
{
"model": "network configuration manager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "oputils",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
},
{
"model": "opmanager",
"scope": "eq",
"trust": 0.6,
"vendor": "zohocorp",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_oputils:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xiaotian Wang",
"sources": [
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 0.1
},
"cve": "CVE-2018-12997",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12997",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-123012",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12997",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12997",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-123012",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile\u0026fileName= substring. plural Zoho ManageEngine The product contains an information disclosure vulnerability.Information may be obtained. ZOHO ManageEngine Netflow Analyzer, etc. are all products of the American company ZOHO. ZOHO ManageEngine Netflow Analyzer is a set of web-based bandwidth monitoring tools. Network Configuration Manager is a suite of network configuration management, network change and configuration management (NCCM) software for configuring switches, routers, firewalls, and other network devices. FailOverHelperServlet in many ZOHO products has an access control error vulnerability. This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html\n\n\n==========================\nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability\nAuthor: M3 From DBAppSecurity\nAffected Version: All\n==========================\nProof of Concept:\n==========================\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\n\n\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me\n\n\n==========================\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\nAuthor: M3 From DBAppSecurity\nAffected Products:\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\n==========================\nProof of Concept:\n==========================\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\n\n\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n\n\n\n\n==========================\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\nAuthor: M3 From DBAppSecurity\nAffected Products:Desktop Central\n==========================\nProof of Concept:\n==========================\n\n\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\n\n\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "PACKETSTORM",
"id": "148635"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12997",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037",
"trust": 2.3
},
{
"db": "PACKETSTORM",
"id": "148635",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784",
"trust": 0.8
},
{
"db": "VULHUB",
"id": "VHN-123012",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"id": "VAR-201806-1163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:43.350000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.manageengine.com/"
},
{
"title": "Multiple ZOHO Product access control error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81656"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/unh3x/just4cve/issues/8"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2018/jul/73"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/148635/zoho-manageengine-13-13790-build-xss-file-read-file-deletion.html"
},
{
"trust": 1.7,
"url": "http://www.cnnvd.org.cn/web/xxk/ldxqbyid.tag?cnnvd=cnnvd-201807-037"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12999"
},
{
"trust": 0.1,
"url": "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"trust": 0.1,
"url": "http://opmanager.helpdocsonline.com/read-me"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12998"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-123012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"db": "PACKETSTORM",
"id": "148635"
},
{
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-29T00:00:00",
"db": "VULHUB",
"id": "VHN-123012"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"date": "2018-07-22T17:22:56",
"db": "PACKETSTORM",
"id": "148635"
},
{
"date": "2018-06-29T12:29:00.437000",
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-20T00:00:00",
"db": "VULHUB",
"id": "VHN-123012"
},
{
"date": "2018-08-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006784"
},
{
"date": "2023-12-07T20:06:40.657000",
"db": "NVD",
"id": "CVE-2018-12997"
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Zoho ManageEngine Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006784"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-037"
}
],
"trust": 0.6
}
}
VAR-201908-0731
Vulnerability from variot - Updated: 2023-12-18 12:17An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm. Zoho ManageEngine OpManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zoho ManageEngine OpManager is a set of network, server and virtualization monitoring software from Zoho.
Zoho ManageEngine OpManager is vulnerable to permission permission and access control issues
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "manageengine opmanager",
"scope": "lte",
"trust": 1.0,
"vendor": "zohocorp",
"version": "12.4.034"
},
{
"model": "manageengine opmanager",
"scope": "lt",
"trust": 0.8,
"vendor": "zoho",
"version": "14310"
},
{
"model": "manageengine opmanager",
"scope": "lte",
"trust": 0.6,
"vendor": "zoho",
"version": "\u003c=12.4x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.4.034",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15106"
}
]
},
"cve": "CVE-2019-15106",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15106",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34856",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15106",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15106",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-34856",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-1150",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The \"username+\u0027@opm\u0027 string is used for the password. For example, if the username is admin, the password is admin@opm. Zoho ManageEngine OpManager Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Zoho ManageEngine OpManager is a set of network, server and virtualization monitoring software from Zoho. \n\nZoho ManageEngine OpManager is vulnerable to permission permission and access control issues",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "CNVD",
"id": "CNVD-2019-34856"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15106",
"trust": 3.0
},
{
"db": "EXPLOIT-DB",
"id": "47229",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-34856",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1150",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"id": "VAR-201908-0731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
}
]
},
"last_update_date": "2023-12-18T12:17:47.900000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2019-15106 (User login bypass vulnerability in APM plugin)",
"trust": 0.8,
"url": "https://www.manageengine.com/network-monitoring/security-updates/cve-2019-15106.html"
},
{
"title": "CVE-2019-15106 (Unauthenticated Remote Command Execution in Applications Manager Plugin)",
"trust": 0.8,
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15106.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15106"
},
{
"trust": 1.6,
"url": "http://pentest.com.tr/exploits/defcon-manageengine-opmanager-v12-4-unauthenticated-remote-command-execution.html"
},
{
"trust": 1.6,
"url": "https://www.exploit-db.com/exploits/47229"
},
{
"trust": 1.6,
"url": "https://www.manageengine.com/network-monitoring/security-updates/cve-2019-15106.html"
},
{
"trust": 1.6,
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-15106.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15106"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"date": "2019-08-16T03:15:11.327000",
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"date": "2019-08-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34856"
},
{
"date": "2019-08-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008299"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-15106"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zoho ManageEngine OpManager Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008299"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-1150"
}
],
"trust": 0.6
}
}