Unauthenticated File/Directory Creation Vulnerability in ManageEngine OpManager, Network Configuration Manager, NetFlow Analyzer and Firewall Analyzer

Severity: Medium

CVE ID: CVE-2022-35404

Product name
Affected version(s)
Fixed version(s)
Fixed on
125664 and below
125639 / 125655 / 126101
Network Configuration Manager
125664 and below
125639 / 125655 / 126101
NetFlow Analyzer
125664 and below
125639 / 125655 / 126101
Firewall Analyzer
125664 and below
125639 / 125655 / 126101

Unauthenticated creation of multiple arbitrary files and directories led to high resource consumption. This has been fixed now.

This issue has been fixed by introducing validation checks under our server side source code. These checks will validate the param with respective patterns before initiating a session.

Due to huge number of file/ directory creation, there was a possibility of high resource consumption that might compromise the availability of network resources.

Steps to upgrade:

  1. Download the latest upgrade pack from the following links for the respective products:
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Source and Acknowledgements

This vulnerability was reported by Tenable. Find out more about CVE-2022-35404 from the CVE dictionary.

Kindly contact the respective product support teams for further details at the below mentioned email addresses:

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
Do you want a Price Quote?
For how many devices?
Fill out the form below
Name *
Business Email *
Phone *
By clicking 'Send', you agree to processing of personal data according to the Privacy Policy.
Thank you!
Back to Top