CVE-2022-37024
HIGHZohocorp Manageengine Firewall Analyzer - Remote Code Execution
Title source: ruleDescription
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.manageengine.com/itom/advisory/cve-2022-37024.html
Scores
CVSS v3
8.8
EPSS
0.5123
EPSS Percentile
97.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (6)
zohocorp/manageengine_firewall_analyzer
12.5 build125450 (7 CPE variants)
zohocorp/manageengine_firewall_analyzer
12.6 build126000 (11 CPE variants)
zohocorp/manageengine_netflow_analyzer
12.5 build125450 (7 CPE variants)
zohocorp/manageengine_netflow_analyzer
12.6 build126000 (11 CPE variants)
zohocorp/manageengine_network_configuration_manager
12.5 build125450 (7 CPE variants)
zohocorp/manageengine_network_configuration_manager
12.6 build126000 (7 CPE variants)
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026