Description
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-39581 | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. |
References
History
Wed, 27 Aug 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 | |
| Metrics |
cvssV3_1
|
ssvc
|
Subscriptions
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-08-27T18:47:32.363Z
Reserved: 2022-07-27T00:00:00.000Z
Link: CVE-2022-36923
Vulnrichment
Updated: 2024-08-03T10:14:29.360Z
NVD
Status : Analyzed
Published: 2022-08-10T20:16:03.343
Modified: 2025-09-24T19:43:46.907
Link: CVE-2022-36923
Redhat
No data.
OpenCVE Enrichment
No data.