CVE-2022-38757

Severity CVSS v4.0:

Pending analysis

Type:

CWE-269 Improper Privilege Management

Publication date:

23/12/2022

Last modified:

07/11/2023

Description

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

7.20

Severity 3.x

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:microfocus:zenworks::::::::		2020 (excluding)
cpe:2.3:a:microfocus:zenworks:2020:-::::::
cpe:2.3:a:microfocus:zenworks:2020:update1::::::
cpe:2.3:a:microfocus:zenworks:2020:update2::::::
cpe:2.3:a:microfocus:zenworks:2020:update3::::::
cpe:2.3:a:microfocus:zenworks:2020:update3a::::::

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:microfocus:zenworks::::::::		2020 (excluding)
cpe:2.3:a:microfocus:zenworks:2020:-::::::
cpe:2.3:a:microfocus:zenworks:2020:update1::::::
cpe:2.3:a:microfocus:zenworks:2020:update2::::::
cpe:2.3:a:microfocus:zenworks:2020:update3::::::
cpe:2.3:a:microfocus:zenworks:2020:update3a::::::

CVE-2022-38757

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools