Remote Code Execution Vulnerability in Zoho ManageEngine Products
CVE-2022-37024

8.8HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Opmanager; Manageengine Network Configuration Manager; Manageengine Firewall Analyzer; Manageengine Netflow Analyzer
Vendor: CVE Published:; 10 August 2022

What is CVE-2022-37024?

An issue in Zoho ManageEngine software products allows authenticated users to execute unauthorized database changes. This flaw can lead to remote code execution, posing a significant risk to systems utilizing affected versions. Ensure your installations are updated to mitigate potential threats.

References

https://www.manageengine.com/itom/advisory/cve-2022-37024...

x_refsource_MISC

EPSS Score

58% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2022
Vulnerability Reserved
Jul 29, 2022

Zohocorp

What is CVE-2022-37024?

References

EPSS Score

CVSS V3.1

Timeline