Remote Code Execution - CVE-2022-38772

Severity: High

CVE ID: CVE-2022-38772

Product name Affected Version(s) Fixed Version(s) Fixed On
OpManager
OpManager Plus
OpManager MSP
Network Configuration Manager
NetFlow Analyzer
OpUtils
Customers with builds between 126113 and 126119 126120 29-07-2022
Customers with builds between 126100 and 126104 126105 30-07-2022
Customers with builds 126000 and 126002
Customers with build 125664 126003
Customers with builds between 125450 and 125657 125658

Details:

Earlier, there was a Remote Code Execution (RCE) vulnerability in IPv4 address management reported by an anonymous working with Trend Micro Zero Day Initiative. This has been fixed now.

Impact:

Any authenticated user can carry out changes to the database and perform RCE using it.

Steps to upgrade:

  1. Kindly download the latest upgrade pack from the following links for the respective products:
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

Source and Acknowledgements

This vulnerability was reported by an anonymous working with Trend Micro Zero Day Initiative. Find out more about CVE-2022-38772 from the CVE dictionary.

Kindly contact the respective product support teams for further details at the below mentioned email addresses:

 

Video Zone
OpManager Customer Videos
Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  
  •  IT Admin from "Royal flying doctor service", Australia
     Jonathan ManageEngine Customer
  •  Michael - Network & Tech, ManageEngine Customer
     Altaleb Alshenqiti - Ministry of National Guard - Health Affairs
  •  David Tremont, Associate Directory of Infrastructure,USA
     Todd Haverstock Administrative Director
  •  Donald Stewart, IT Manager from Crest Industries
     John Rosser, MIS Manager - Yale Chase Equipment & Services
  •  Mohd Jaffer Tawfiq Murtaja, Information Security officer from Al Ain sports club
     Venkatesan Veerappan, IT Consultant
 Pricing  Get Quote