CVE-2022-24447
First published: Wed Mar 02 2022(Updated: )
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Key Manager Plus | <=5.9 | |
| Zohocorp Manageengine Key Manager Plus | =6.0-6000 | |
| Zohocorp Manageengine Key Manager Plus | =6.0-6001 | |
| Zohocorp Manageengine Key Manager Plus | =6.0-6002 | |
| Zohocorp Manageengine Key Manager Plus | =6.1-6100 | |
| Zohocorp Manageengine Key Manager Plus | =6.1-6150 | |
| Zohocorp Manageengine Key Manager Plus | =6.1-6151 | |
| Zohocorp Manageengine Key Manager Plus | =6.1-6160 | |
| Zohocorp Manageengine Key Manager Plus | =6.1-6161 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-24447?
CVE-2022-24447 is a vulnerability discovered in Zoho ManageEngine Key Manager Plus before version 6200 that allows a user with the level Operator to access stored SSL certificates and associated key pairs during export.
What is the severity of CVE-2022-24447?
The severity of CVE-2022-24447 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2022-24447?
Zoho ManageEngine Key Manager Plus versions up to 5.9 and versions 6.0-6000 to 6.1-6161 are affected by CVE-2022-24447.
How can I mitigate CVE-2022-24447?
To mitigate CVE-2022-24447, it is recommended to update Zoho ManageEngine Key Manager Plus to version 6200 or later.
Where can I find more information about CVE-2022-24447?
You can find more information about CVE-2022-24447 at the following links: - [Excellium Services Advisory](https://excellium-services.com/cert-xlm-advisory/cve-2022-24447/) - [ManageEngine Key Manager Release Notes](https://www.manageengine.com/key-manager/release-notes.html#6200)
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zohocorp
- canonical/zohocorp manageengine key manager plus
- version/zohocorp manageengine key manager plus/5.9
- version/zohocorp manageengine key manager plus/6.0-6000
- version/zohocorp manageengine key manager plus/6.0-6001
- version/zohocorp manageengine key manager plus/6.0-6002
- version/zohocorp manageengine key manager plus/6.1-6100
- version/zohocorp manageengine key manager plus/6.1-6150
- version/zohocorp manageengine key manager plus/6.1-6151
- version/zohocorp manageengine key manager plus/6.1-6160
- version/zohocorp manageengine key manager plus/6.1-6161