CVE-2022-36923

HIGH EXPLOITED NUCLEI

Zoho ManageEngine Firewall Analyzer - Unauthenticated API Key Exposure

Title source: llm

Exploitation Summary

CVE-2022-36923 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Nuclei Templates (1)

Zoho ManageEngine - getUserAPIKey Authentication Bypass

HIGHVERIFIEDby daffainfo,jjcho

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.manageengine.com/itom/advisory/cve-2022-36923.html

Scores

CVSS v3 7.5

EPSS 0.0793

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2023-11-17

CWE

CWE-755 CWE-284

Status published

Products (6)

zohocorp/manageengine_firewall_analyzer 12.5 build125450 (7 CPE variants)

zohocorp/manageengine_firewall_analyzer 12.6 build126000 (11 CPE variants)

zohocorp/manageengine_netflow_analyzer 12.5 build125450 (7 CPE variants)

zohocorp/manageengine_netflow_analyzer 12.6 build126000 (11 CPE variants)

zohocorp/manageengine_network_configuration_manager 12.5 build125450 (7 CPE variants)

zohocorp/manageengine_network_configuration_manager 12.6 build126000 (7 CPE variants)

Published Aug 10, 2022

Tracked Since Feb 18, 2026