Severity: High
CVE ID: CVE-2022-38772
Product name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
OpManager OpManager Plus OpManager MSP Network Configuration Manager NetFlow Analyzer OpUtils |
Customers with builds between 126113 and 126119 | 126120 | 29-07-2022 |
Customers with builds between 126100 and 126104 | 126105 | 30-07-2022 | |
Customers with builds 126000 and 126002 | |||
Customers with build 125664 | 126003 | ||
Customers with builds between 125450 and 125657 | 125658 |
Details:
Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management reported by an anonymous working with Trend Micro Zero Day Initiative. This has been fixed now.
Impact:
Any authenticated user can carry out changes to the database and perform RCE using it.
Steps to upgrade:
Source and Acknowledgements
This vulnerability was reported by an anonymous working with Trend Micro Zero Day Initiative. Find out more about CVE-2022-38772 from the CVE dictionary.
Kindly contact the respective product support teams for further details at the below mentioned email addresses: