ByteOS

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125459:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125464:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125467:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125469:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125471:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125476:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125482:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125483:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125484:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125485:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125488:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125490:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125557:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125566:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125568:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125582:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125584:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125585:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125606:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125615:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125647:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125656:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125657:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125664:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126000:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126001:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126113:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126114:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126115:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126116:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126117:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126118:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126119:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125450:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125451:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125452:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125453:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125455:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125456:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125459:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125465:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://manageengine.com	cve@mitre.org	Vendor Advisory
https://www.manageengine.com/itom/advisory/cve-2022-38772.html	cve@mitre.org	Vendor Advisory

Hyperlink: https://manageengine.com

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://www.manageengine.com/itom/advisory/cve-2022-38772.html

Source: cve@mitre.org

Resource:

Vendor Advisory

Similar CVEs

58Records found

CVE-2024-27311

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-5.5||MEDIUM

EPSS-0.17% / 38.38%

7 Day CHG-0.15%

Published-17 Jul, 2024 | 10:52

Updated-02 Aug, 2024 | 00:28

Arbitrary file writing

Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder.

Product-manageengine_ddi_central DDI Central

CWE ID-CWE-434

Unrestricted Upload of File with Dangerous Type

CVE-2024-5527

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.3||HIGH

EPSS-4.94% / 89.23%

7 Day CHG~0.00%

Published-12 Aug, 2024 | 05:31

Updated-16 Aug, 2024 | 20:24

SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8110 are vulnerable to authenticated SQL Injection in file auditing configuration.

Product-manageengine_adaudit_plus ADAudit Plus adaudit_plus

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-5546

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.3||HIGH

EPSS-4.16% / 88.22%

7 Day CHG+1.05%

Published-28 Aug, 2024 | 08:44

Updated-19 Sep, 2024 | 14:39

SQL Injection

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

Product-manageengine_password_manager_pro manageengine_pam360 Password Manager Pro PAM360 pam360 password_manager_pro

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-5467

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.3||HIGH

EPSS-3.70% / 87.47%

7 Day CHG~0.00%

Published-23 Aug, 2024 | 13:28

Updated-27 Aug, 2024 | 14:35

SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.

Product-manageengine_adaudit_plus ADAudit Plus adaudit_plus

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-5466

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.8||HIGH

EPSS-7.79% / 91.59%

7 Day CHG~0.00%

Published-23 Aug, 2024 | 13:23

Updated-19 Dec, 2024 | 20:21

Remote Code Execution

Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.

Product-manageengine_remote_monitoring_and_management_central manageengine_opmanager_msp manageengine_opmanager manageengine_opmanager_plus OpManager, Remote Monitoring and Management manageengine_opmanager_msp manageengine_opmanager manageengine_opmanager_rmm manageengine_opmanager_plus

CWE ID-CWE-94

Improper Control of Generation of Code ('Code Injection')

CVE-2024-49574

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.3||HIGH

EPSS-0.81% / 73.30%

7 Day CHG~0.00%

Published-18 Nov, 2024 | 07:55

Updated-26 Nov, 2024 | 14:45

SQL Injection

Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.

Product-manageengine_adaudit_plus ADAudit Plus manageengine_adaudit_plus

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-48878

Matching Score-8

Assigner-ManageEngine

Vendor-ManageEngine (Zoho Corporation Pvt. Ltd.)Zoho Corporation Pvt. Ltd.

Matching Score-8

Assigner-ManageEngine

CVSS Score-8.3||HIGH

EPSS-0.88% / 74.43%

7 Day CHG~0.00%

Published-04 Nov, 2024 | 10:56

Updated-05 Nov, 2024 | 19:44

SQL Injection

Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report.

Product-manageengine_admanager_plus ADManager Plus manageengine_admanager_plus

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-36515

Matching Score-8

Assigner-ManageEngine