- 184/2022
- High
Zoho has addressed a new vulnerability that leads to remote code execution on multiple affected products.
Multiple Zoho ManageEngine products could allow the remote authenticated attacker to execute arbitrary code on the system. The attacker could exploit this vulnerability to execute arbitrary code on the system by sending a specially-crafted request to carry out changes to the database.
Thee impacted products :
- OpManager
- OpManager Plus
- OpManager MSP
- Network Configuration Manager
- NetFlow Analyzer
- OpUtils
Multiple Zoho ManageEngine products code execution (CVE-2022-37024):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
- Remediation Level: Official Fix
Vulnerabilities
CVE-2022-37024
Mitigations
Kindly download the latest upgrade pack from the following links for the respective
https://www.manageengine.com/itom/advisory/cve-2022-37024.html