7.2

CVE-2022-38757

EPSS 0.08%
Published 23.12.2022 16:15:09
Last modified 21.11.2024 07:17:02
Source security@opentext.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microfocus ≫ Zenworks Version < 2020

Microfocus ≫ Zenworks Version2020 Update-

Microfocus ≫ Zenworks Version2020 Updateupdate1

Microfocus ≫ Zenworks Version2020 Updateupdate2

Microfocus ≫ Zenworks Version2020 Updateupdate3

Microfocus ≫ Zenworks Version2020 Updateupdate3a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.244

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
security@opentext.com	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://kmviewer.saas.microfocus.com/#/PH_206719

https://kmviewer.saas.microfocus.com/#/PH_206720

https://portal.microfocus.com/s/article/KM000012895?language=en_US

https://nvd.nist.gov/vuln/detail/CVE-2022-38757

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38757

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38757

EUVD