CVE-2022-24447

Published Mar 2, 2022

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5DE2310-AFEA-4360-8B9A-005149FB0AC8",
            "versionEndIncluding": "5.9"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6000:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2353BFFF-317D-45FE-AEE4-9C5181C4C449"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F2274F9-9982-4655-A457-A38C49357FDA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.0:6002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5C9B05B-8486-4149-A2B2-002A2CBA362D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8348AEB6-4363-4FD9-B13E-0FE3C1F2B83E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6150:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "333B2230-216C-4C93-8089-FA8206412BE6"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6151:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "967C2C5D-3205-4283-BEF0-7E2DD14E7795"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6160:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF68A1A-15E7-4508-8F0B-6C686D3FB271"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.1:6161:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFFDF150-63A3-4B23-9F28-D805961A112C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References