CVE-2022-38757
Published: Dec 23, 2022
Modified: Apr 15, 2025
CVSS v3.1
7.2
Description
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
| Vendor | Product | Versions |
|---|---|---|
Micro Focus | ZENworks Configuration Management (ZCM) | affected ZENworks 2020 - <= Update 3a |
Micro Focus | ZENworks Asset Management | affected ZENworks 2020 - <= Update 3a |
Micro Focus | ZENworks Endpoint Security Management (ZESM) | affected ZENworks 2020 - <= Update 3a |
Micro Focus | ZENworks Patch Management (ZPM) | affected ZENworks 2020 - <= Update 3a |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now