Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveFluid AttacksCVE-2022-23050
HistoryMay 24, 2022 - 7:15 p.m.

CVE-2022-23050

2022-05-2419:15:09
CWE-427
Fluid Attacks
web.nvd.nist.gov
46
4
cve-2022-23050
manageengine
appmanager15
build no:15510
dll hijack
vulnerability
upload files / binaries
nvd.

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the ‘working’ folder through the ‘Upload Files / Binaries’ functionality.

Affected configurations

Nvd
Node
zohocorpmanageengine_applications_managerRange15.015.5
OR
zohocorpmanageengine_applications_managerMatch15.5-
OR
zohocorpmanageengine_applications_managerMatch15.5build15500
OR
zohocorpmanageengine_applications_managerMatch15.5build15510
VendorProductVersionCPE
zohocorpmanageengine_applications_manager*cpe:2.3:a:zohocorp:manageengine_applications_manager:*:*:*:*:*:*:*:*
zohocorpmanageengine_applications_manager15.5cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:-:*:*:*:*:*:*
zohocorpmanageengine_applications_manager15.5cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15500:*:*:*:*:*:*
zohocorpmanageengine_applications_manager15.5cpe:2.3:a:zohocorp:manageengine_applications_manager:15.5:build15510:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "ManageEngine AppManager15",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Build No:15510"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
prion 1
nvd 1
cvelist
cvelist
CVE-2022-23050
2022-05-24 18:02:05
prion
prion
Design/Logic Flaw
2022-05-24 19:15:00
nvd
nvd
CVE-2022-23050
2022-05-24 19:15:09

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON
Related for CVE-2022-23050
cvelist1prion1nvd1