Vulnerability Description
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Zenworks | < 2020 |
Related Weaknesses (CWE)
References
- https://kmviewer.saas.microfocus.com/#/PH_206719
- https://kmviewer.saas.microfocus.com/#/PH_206720
- https://portal.microfocus.com/s/article/KM000012895?language=en_US
- https://kmviewer.saas.microfocus.com/#/PH_206719
- https://kmviewer.saas.microfocus.com/#/PH_206720
- https://portal.microfocus.com/s/article/KM000012895?language=en_US
FAQ
What is CVE-2022-38757?
CVE-2022-38757 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set...
How severe is CVE-2022-38757?
CVE-2022-38757 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-38757?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Zenworks.