How severe is CVE-2022-24447?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Zohocorp Manageengine_key_manager_plus

CVE-2022-24447

An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export.

EPSS: 0.009 (53.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Zohocorp Manageengine_key_manager_plus — versions 6.0, 6.1
N/a — versions n/a

References

cve@mitre.org (Release Notes, Vendor Advisory)
cve@mitre.org (Third Party Advisory)
cve@mitre.org

Frequently asked questions

What is CVE-2022-24447?: CVE-2022-24447 is a medium-severity vulnerability in Zohocorp Manageengine_key_manager_plus. CVSS score: 6.5/10. Published 2022-03-02.
How severe is CVE-2022-24447?: Medium severity. CVSS v3 base score is 6.5 out of 10.