{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-10T14:17:09.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36923", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html", "refsource": "MISC", "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:29.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-08-27T18:46:42.662021Z", "id": "CVE-2022-36923", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T18:47:32.363Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36923", "datePublished": "2022-08-10T14:17:09.000Z", "dateReserved": "2022-07-27T00:00:00.000Z", "dateUpdated": "2025-08-27T18:47:32.363Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:14:29.360Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-36923", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-27T18:46:42.662021Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-27T17:17:43.365Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-08-10T14:17:09.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html", "name": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-36923", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2022-36923", "state": "PUBLISHED", "dateUpdated": "2025-08-27T18:47:32.363Z", "dateReserved": "2022-07-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-08-10T14:17:09.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "95767F18-02DA-4B39-941E-3111639A8295", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125451:*:*:*:*:*:*", "matchCriteriaId": "3D6B8568-FCE8-4283-A41A-98DDA07B3631", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125452:*:*:*:*:*:*", "matchCriteriaId": "D6CF42CA-ED4F-4184-B392-B9BA6846A7D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125453:*:*:*:*:*:*", "matchCriteriaId": "2AFC22CB-4540-498A-AAA1-0F6D1676F290", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125455:*:*:*:*:*:*", "matchCriteriaId": "6585CDEA-9649-45A3-8965-E2CEAB1ADFCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125456:*:*:*:*:*:*", "matchCriteriaId": "5D9F4070-68B1-4444-991A-A2CB0063442A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "EF7CDF11-A00E-47B6-B8E3-512998134656", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "A0B3AA58-0D48-4152-BF08-357D4A2098AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "22171713-63E5-42F8-BD7B-835447371595", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "D42A5730-622F-4903-991D-B54881349ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "EC69DF45-45F8-4C7B-8457-666270C95895", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "A33E48DB-3CC9-43FD-85F8-0F3C389B961E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "389CF8B9-F431-4369-A581-4BFBA1305A9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "DBD1E3BA-4112-4AD5-A616-BCFD2D5C5FDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "4FFD8500-5E07-4B3E-88EC-27C403A9B44E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "0BED22ED-D040-4439-AEC6-8CCD74F29217", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "4D1C56BB-D28D-48B6-BA6B-7B403E248648", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "A49349AE-4EA2-4CE4-B8B9-326D44264B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "BEC805D2-CFDC-40DE-AA70-42A91461BEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125451:*:*:*:*:*:*", "matchCriteriaId": "4767BF5A-B867-44BB-B152-E2AFA63B06D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125452:*:*:*:*:*:*", "matchCriteriaId": "5855C471-07AB-4A96-9631-26C6C8B01F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125453:*:*:*:*:*:*", "matchCriteriaId": "5075910F-3676-439A-879A-5CBE2C734347", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125455:*:*:*:*:*:*", "matchCriteriaId": "20808F91-7F08-4BA9-9075-C54337EC68E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125456:*:*:*:*:*:*", "matchCriteriaId": "C700CE3B-31B5-4B4D-A378-70EC26D6F88B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "574117B3-2785-4971-ABBE-55C08010E16B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "8C4AA98C-BFFE-46E9-A3C3-D37298A8F6F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "B907FD6F-BA43-4D8D-90C4-F51CD693E9B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "B6CF111E-B976-46D1-A246-B7D1750FFC45", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "36CBCAF8-B7FE-4611-A9DE-C82BCDE81A86", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "33D8FC4D-0EF1-4C5B-A677-7269FFF068C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "C510DE4D-B2AB-404D-BA49-3CE09FAECB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "6594EF08-E72F-4A59-86DB-B63E0CCE4463", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "219B0F9E-A087-4AA2-B723-E3D68BEC9D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "852A63FF-F97B-4BB9-869F-383E9FABE929", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "FA6C4793-6913-4C51-A2D4-B906D2CBEA94", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_netflow_analyzer:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "3AF232D9-6735-4296-91C8-A451A1801287", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "855EA944-CB73-4193-94E0-9D706FF554C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125451:*:*:*:*:*:*", "matchCriteriaId": "002FDBC8-72DE-46C6-A84B-B4A51F3228F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125452:*:*:*:*:*:*", "matchCriteriaId": "AABA0E18-790D-4A86-91C4-1C50D2B6167C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125453:*:*:*:*:*:*", "matchCriteriaId": "797C3F7A-E5CE-48B7-9BC1-4A637131C061", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125455:*:*:*:*:*:*", "matchCriteriaId": "7EE387F3-24C8-4933-A25E-D9C4026469D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125456:*:*:*:*:*:*", "matchCriteriaId": "2D219374-C6A2-4A28-AF41-ABC633D8C9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "88C4DF20-F8A7-4673-9639-42522C6BB3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "722ACCC8-EC9C-4700-A5D0-5C6EFE8E36AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "FC0970ED-62DC-442B-AA29-618ADBD66E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "8D6852F2-14B0-4EAE-B420-67A0103C10EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "BF0CBE7F-B124-4ABD-82F5-CB85341CAC86", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "08A4CCDD-0892-4FF3-8E17-41D6AB8FC747", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "2DB6B15E-6513-4590-A5C1-A949341411F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "C1DF8B30-1820-4DA1-AB30-996FCC99192B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "09C0FF80-AF4C-47F9-B35C-12A7F2843D0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "6445A4A5-E41D-4B60-88E7-0E5B66C2A096", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "645D9C07-A2F4-4E8B-B2FD-39330CD7BE14", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "63739B14-BBAF-4F12-A178-36CE2C0F6B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "A436DAC3-05F7-48DE-A2E2-0084AE31D9A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125451:*:*:*:*:*:*", "matchCriteriaId": "544961BA-03CA-49D6-AB7C-CFF597B3BB8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125452:*:*:*:*:*:*", "matchCriteriaId": "9CDBD0CB-8495-44A1-BF9B-29A195D9F718", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125453:*:*:*:*:*:*", "matchCriteriaId": "73B5365C-92ED-41CC-9B05-8BB1FE21F3C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125455:*:*:*:*:*:*", "matchCriteriaId": "B652092E-570C-4D4E-A133-627426C50F6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125456:*:*:*:*:*:*", "matchCriteriaId": "DC13FB20-119C-47F9-870D-399811661896", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "1C14D389-AA7A-4CD3-A0B5-EF052907FEE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "48C09D5D-BC77-42DC-9A72-00A71F8C1A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "14269E88-7186-4F2C-B770-964D0AD7D414", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "C46D091F-095F-4F1D-8D16-1021E15BC963", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "2AE780F5-EF56-45F3-A5E7-805A24C04A97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "212A00BA-ED01-45F3-9E9C-9E6B75B82CDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "CBFA159F-0293-4E44-BB20-173021991107", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "27D49B1C-1140-4CA7-B10A-9B59ACE69208", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "1979F66B-749E-41F8-9CBD-E4AD4483B500", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "BC5A1967-8D4F-4090-A2BA-5FFCEAA2EFFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "50D85F0C-201C-44D3-92C7-261095B4B03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "36B6C5A9-FC13-4AB0-BE8B-9DFA8FDB0C57", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "342D59C3-B7A8-44AF-8298-743F5487CD91", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125656:*:*:*:*:*:*", "matchCriteriaId": "9A6D1AC1-8480-42C9-90C6-F47E58B7E44B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "F31C74BA-085E-482C-A1E8-D6E9A69462B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "5D3E1BC5-7D01-45E9-A92D-7F2D623F1C4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "B15B6E60-9DF9-4524-8387-8CF0B2B6D0F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "06AEE3B8-3A71-466D-880F-B39E6E4D9899", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "C7E2FFFB-975D-4FFF-A54E-01336B2687BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "4C1FB9D8-1DA7-486C-9418-9C00F4D184D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_msp:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "F78374E4-E4AF-4E77-9AE6-BEC58DCAB6AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "989668B0-0AEB-4E8B-AC51-42058CC6AC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125656:*:*:*:*:*:*", "matchCriteriaId": "DC747248-7154-440A-BCD7-2E0F8ACFC042", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "F4791DD2-AD34-4239-85CB-D87080D97AA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "F6E1060D-0E32-4330-BB0A-C35D5E11BCE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "FB7DAAA8-6A7B-41EF-8783-7EFDEE747332", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "EA101FBC-D697-4A7E-B539-79097228B735", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "4CC9EF3C-6768-4976-94C8-3FBEE6093ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "B5934D8A-C10F-47BC-BB73-45B8CB71C686", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_opmanager_plus:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "59E334B0-6BF6-4674-9D9D-7E9C988BAB57", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125450:*:*:*:*:*:*", "matchCriteriaId": "2BF85206-863D-493C-88F4-15B0BA5276A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125451:*:*:*:*:*:*", "matchCriteriaId": "3C9DE996-1DEC-4AF0-89FD-1E3DA3967BC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125452:*:*:*:*:*:*", "matchCriteriaId": "75FF4D85-97C8-4DF4-ADE6-EDE8EC2DD5BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125453:*:*:*:*:*:*", "matchCriteriaId": "9CAC6467-19F7-4CB2-A5FC-B57A14F4636C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125455:*:*:*:*:*:*", "matchCriteriaId": "60EB56E2-7367-4488-A00D-41464E86B06D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125456:*:*:*:*:*:*", "matchCriteriaId": "3E315636-0897-4421-882D-E8196F7ACAD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.5:build125664:*:*:*:*:*:*", "matchCriteriaId": "E3552F71-C708-41A4-9168-5673C086F507", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126000:*:*:*:*:*:*", "matchCriteriaId": "9505C545-2540-4554-B774-6ECCD64D6115", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126001:*:*:*:*:*:*", "matchCriteriaId": "06CF15AE-51A6-4FB4-A0DA-6097F0B2BE98", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126100:*:*:*:*:*:*", "matchCriteriaId": "11A17B44-C69A-424A-A305-0AD61DCDA2A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126101:*:*:*:*:*:*", "matchCriteriaId": "8600CCB2-4642-4760-AE10-854446251673", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126102:*:*:*:*:*:*", "matchCriteriaId": "087A0139-FA4B-4C85-BAAD-1BDCF7B5F91B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126103:*:*:*:*:*:*", "matchCriteriaId": "2F3B1A89-93A9-43F1-9246-E2081F26DBBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126113:*:*:*:*:*:*", "matchCriteriaId": "9A7C64F7-9B85-4C7F-95B9-468200D2EA7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126114:*:*:*:*:*:*", "matchCriteriaId": "1EE78F81-5F9D-4B98-BA82-24EE281041C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126115:*:*:*:*:*:*", "matchCriteriaId": "298A1371-E23E-4954-8C16-B0F70A575A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126116:*:*:*:*:*:*", "matchCriteriaId": "BA174B71-5D43-4783-8744-1A4020A157C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_oputils:12.6:build126117:*:*:*:*:*:*", "matchCriteriaId": "ADB451D9-106E-40DA-A499-B1D8DB1B78BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs."}, {"lang": "es", "value": "Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer y OpUtils versiones anteriores a 27-07-2022 hasta 28-07-2022 (125657, 126002, 126104 y 126118) permiten a atacantes no autenticados obtener la clave API de un usuario y luego acceder a APIs externas"}], "id": "CVE-2022-36923", "lastModified": "2025-09-24T19:43:46.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-08-10T20:16:03.343", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.manageengine.com/itom/advisory/cve-2022-36923.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}