CVE-2022-36923 - Zohocorp Manageengine Opmanager Plus, Zohocorp Manageengine Opmanager Msp and Zohocorp Manageengine Oputils

August 10, 2022

Critical 7.5

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Affected software

Zohocorp Manageengine Opmanager Plus

Zohocorp Manageengine Opmanager Msp

Zohocorp Manageengine Oputils

Zohocorp Manageengine Netflow Analyzer

Zohocorp Manageengine Firewall Analyzer

Zohocorp Manageengine Network Configuration Manager

Zohocorp Manageengine Opmanager

Reference links

https://www.manageengine.com/itom/advisory/cve-2022-36923.html

CVE-2022-36923 - Zohocorp Manageengine Opmanager Plus, Zohocorp Manageengine Opmanager Msp and Zohocorp Manageengine Oputils

Affected software

Reference links

Get alerted to vulnerabilities in your software