CVE-2022-38757

HIGH

Micro Focus ZENworks <2020 Update 3a - Privilege Escalation

Title source: llm

Description

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

References (3)

Core 3

Core References

Various Sources

https://kmviewer.saas.microfocus.com/#/PH_206719

Various Sources

https://kmviewer.saas.microfocus.com/#/PH_206720

Various Sources

https://portal.microfocus.com/s/article/KM000012895?language=en_US

Scores

CVSS v3 7.2

EPSS 0.0043

EPSS Percentile 62.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

microfocus/zenworks 2020 (5 CPE variants)

microfocus/zenworks < 2020

Published Dec 23, 2022

Tracked Since Feb 18, 2026