What is the severity of CVE-2022-38757?

The severity of CVE-2022-38757 is high with a value of 7.2.

How does CVE-2022-38757 affect Micro Focus ZENworks?

CVE-2022-38757 affects Micro Focus ZENworks 2020 Update 3a and prior versions.

What actions can administrators with rights do on managed devices in the ZENworks zone?

Administrators with rights can perform actions such as installing a bundle on managed devices in the ZENworks zone.

How can CVE-2022-38757 be fixed?

To fix CVE-2022-38757, users should update to Micro Focus ZENworks 2020 Update 3a or a later version.

Is there any additional information available about CVE-2022-38757?

Yes, additional information about CVE-2022-38757 can be found in the references provided: [Reference 1](https://kmviewer.saas.microfocus.com/#/PH_206719), [Reference 2](https://kmviewer.saas.microfocus.com/#/PH_206720), [Reference 3](https://portal.microfocus.com/s/article/KM000012895?language=en_US).

Vulnerability/
CVE-2022-38757

high

7.2

CWE

269

23/12/2022

3/8/2024

CVE-2022-38757: ZENworks

First published: Fri Dec 23 2022(Updated: )

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

Credit: security@microfocus.com

Affected Software	Affected Version	How to fix
Microfocus Zenworks	<2020
Microfocus Zenworks	=2020
Microfocus Zenworks	=2020-update1
Microfocus Zenworks	=2020-update2
Microfocus Zenworks	=2020-update3
Microfocus Zenworks	=2020-update3a

Remedy

Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of ZENworks: https://kmviewer.saas.microfocus.com/#/PH_206719 (ZENworks 2020 Update 2) https://kmviewer.saas.microfocus.com/#/PH_206720 (ZENworks 2020 Update 3a and ZENworks 2020 Update 3)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-38757?
The severity of CVE-2022-38757 is high with a value of 7.2.
How does CVE-2022-38757 affect Micro Focus ZENworks?
CVE-2022-38757 affects Micro Focus ZENworks 2020 Update 3a and prior versions.
What actions can administrators with rights do on managed devices in the ZENworks zone?
Administrators with rights can perform actions such as installing a bundle on managed devices in the ZENworks zone.
How can CVE-2022-38757 be fixed?
To fix CVE-2022-38757, users should update to Micro Focus ZENworks 2020 Update 3a or a later version.
Is there any additional information available about CVE-2022-38757?
Yes, additional information about CVE-2022-38757 can be found in the references provided: [Reference 1](https://kmviewer.saas.microfocus.com/#/PH_206719), [Reference 2](https://kmviewer.saas.microfocus.com/#/PH_206720), [Reference 3](https://portal.microfocus.com/s/article/KM000012895?language=en_US).

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/remedy
agent/weakness
agent/severity
agent/author
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/microfocus
canonical/microfocus zenworks
version/microfocus zenworks/2020
version/microfocus zenworks/2020-update1
version/microfocus zenworks/2020-update2
version/microfocus zenworks/2020-update3
version/microfocus zenworks/2020-update3a