CVE-2022-36923

Published: Aug 10, 2022Modified: Sep 24, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

Affected (108)

Products: Zohocorp: Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager, Manageengine Opmanager, Manageengine Opmanager Msp, Manageengine Opmanager Plus, Manageengine Oputils

Zohocorp

7 products

Manageengine Firewall Analyzer

Manageengine Netflow Analyzer

Manageengine Network Configuration Manager

Manageengine Opmanager

Manageengine Opmanager Msp

Manageengine Opmanager Plus

Manageengine Oputils

Configuration A

108 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125450
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125451
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125452
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125453
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125455
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125456
Zohocorp Manageengine Firewall Analyzer	Version 12.5 build125664
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126000
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126001
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126100
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126101
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126102
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126103
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126113
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126114
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126115
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126116
Zohocorp Manageengine Firewall Analyzer	Version 12.6 build126117
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125450
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125451
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125452
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125453
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125455
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125456
Zohocorp Manageengine Netflow Analyzer	Version 12.5 build125664
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126000
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126001
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126100
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126101
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126102
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126103
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126113
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126114
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126115
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126116
Zohocorp Manageengine Netflow Analyzer	Version 12.6 build126117
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125450
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125451
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125452
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125453
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125455
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125456
Zohocorp Manageengine Network Configuration Manager	Version 12.5 build125664
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126000
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126001
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126100
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126101
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126102
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126103
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126113
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126114
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126115
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126116
Zohocorp Manageengine Network Configuration Manager	Version 12.6 build126117
Zohocorp Manageengine Opmanager	Version 12.5 build125450
Zohocorp Manageengine Opmanager	Version 12.5 build125451
Zohocorp Manageengine Opmanager	Version 12.5 build125452
Zohocorp Manageengine Opmanager	Version 12.5 build125453
Zohocorp Manageengine Opmanager	Version 12.5 build125455
Zohocorp Manageengine Opmanager	Version 12.5 build125456
Zohocorp Manageengine Opmanager	Version 12.5 build125664
Zohocorp Manageengine Opmanager	Version 12.6 build126000
Zohocorp Manageengine Opmanager	Version 12.6 build126001
Zohocorp Manageengine Opmanager	Version 12.6 build126100
Zohocorp Manageengine Opmanager	Version 12.6 build126101
Zohocorp Manageengine Opmanager	Version 12.6 build126102
Zohocorp Manageengine Opmanager	Version 12.6 build126103
Zohocorp Manageengine Opmanager	Version 12.6 build126113
Zohocorp Manageengine Opmanager	Version 12.6 build126114
Zohocorp Manageengine Opmanager	Version 12.6 build126115
Zohocorp Manageengine Opmanager	Version 12.6 build126116
Zohocorp Manageengine Opmanager	Version 12.6 build126117
Zohocorp Manageengine Opmanager Msp	Version 12.5 build125450
Zohocorp Manageengine Opmanager Msp	Version 12.5 build125656
Zohocorp Manageengine Opmanager Msp	Version 12.5 build125664
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126000
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126001
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126100
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126103
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126113
Zohocorp Manageengine Opmanager Msp	Version 12.6 build126117
Zohocorp Manageengine Opmanager Plus	Version 12.5 build125450
Zohocorp Manageengine Opmanager Plus	Version 12.5 build125656
Zohocorp Manageengine Opmanager Plus	Version 12.5 build125664
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126000
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126001
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126100
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126103
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126113
Zohocorp Manageengine Opmanager Plus	Version 12.6 build126117
Zohocorp Manageengine Oputils	Version 12.5 build125450
Zohocorp Manageengine Oputils	Version 12.5 build125451
Zohocorp Manageengine Oputils	Version 12.5 build125452
Zohocorp Manageengine Oputils	Version 12.5 build125453
Zohocorp Manageengine Oputils	Version 12.5 build125455
Zohocorp Manageengine Oputils	Version 12.5 build125456
Zohocorp Manageengine Oputils	Version 12.5 build125664
Zohocorp Manageengine Oputils	Version 12.6 build126000
Zohocorp Manageengine Oputils	Version 12.6 build126001
Zohocorp Manageengine Oputils	Version 12.6 build126100
Zohocorp Manageengine Oputils	Version 12.6 build126101
Zohocorp Manageengine Oputils	Version 12.6 build126102
Zohocorp Manageengine Oputils	Version 12.6 build126103
Zohocorp Manageengine Oputils	Version 12.6 build126113
Zohocorp Manageengine Oputils	Version 12.6 build126114
Zohocorp Manageengine Oputils	Version 12.6 build126115
Zohocorp Manageengine Oputils	Version 12.6 build126116
Zohocorp Manageengine Oputils	Version 12.6 build126117

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://www.manageengine.com/itom/advisory/cve-2022-36923.html

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/itom/advisory/cve-2022-36923.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.