Unauthenticated File/Directory Creation Vulnerability in ManageEngine OpManager, Network Configuration Manager, NetFlow Analyzer and Firewall Analyzer

Severity: Medium

CVE ID: CVE-2022-35404

Details:
Unauthenticated creation of multiple arbitrary files and directories led to high resource consumption. This has been fixed now.

This issue has been fixed by introducing validation checks under our server side source code. These checks will validate the param with respective patterns before initiating a session.

Impact:
Due to huge number of file/ directory creation, there was a possibility of high resource consumption that might compromise the availability of network resources.

Steps to upgrade:

1. Download the latest upgrade pack from the following links for the respective products:
   • OpManager: https://www.manageengine.com/network-monitoring/service-packs.html
   • Network Configuration Manager: https://www.manageengine.com/network-configuration-manager/upgradepack.html
   • NetFlow Analyzer: https://www.manageengine.com/products/netflow/service-packs.html
   • Firewall Analyzer: https://www.manageengine.com/products/firewall/service-packs.html
2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Kindly contact the respective product support teams for further details at the below mentioned email addresses:

• OpManager: itom-upgrades@manageengine.com
• Network Configuration Manager: ncm-support@manageengine.com
• NetFlow Analyzer: netflowanalyzer-support@manageengine.com
• FireWall Analyzer: fwa-support@manageengine.com