Vulnerability Details : CVE-2022-38757
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. It allows administrators who have rights to perform actions (e.g., install a bundle) on a set of managed devices to exercise those rights on managed devices that are in the ZENworks zone but outside the scope of the administrator. The vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
Published: 2022-12-23 16:15:10
Updated: 2023-01-04 18:00:01
Products affected by CVE-2022-38757
- cpe:2.3:a:microfocus:zenworks:*:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:zenworks:2020:-:*:*:*:*:*:*
- cpe:2.3:a:microfocus:zenworks:2020:update1:*:*:*:*:*:*
- cpe:2.3:a:microfocus:zenworks:2020:update2:*:*:*:*:*:*
- cpe:2.3:a:microfocus:zenworks:2020:update3:*:*:*:*:*:*
- cpe:2.3:a:microfocus:zenworks:2020:update3a:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-38757
- EPSS score: 0.27% (probability of exploitation activity in the next 30 days)
- Percentile: ~68% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-38757
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | Micro Focus International (DEFUNCT) | |
CWE ids for CVE-2022-38757
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
  Assigned by:
  - nvd@nist.gov (Primary)
  - security@microfocus.com (Secondary)
References for CVE-2022-38757
- https://kmviewer.saas.microfocus.com/#/PH_206719 (Vendor Advisory)
- https://portal.microfocus.com/s/article/KM000012895?language=en_US (Vendor Advisory)
- https://kmviewer.saas.microfocus.com/#/PH_206720 (Broken Link)