Patch Now: Exploitation of Critical Vuln in Zoho ManageEngine Products

A critical pre-authentication remote code execution vulnerability has been reported in Zoho ManageEngine (CVE-2022-47966). The vulnerability is due to the usage of an outdated third-party dependency – Apache Santuario. Rapid7 advised that exploitation was seen impacting at least 24 on-premises ManageEngine products. Horizon3.ai researchers have already created a Proof-of-Concept exploit that is publicly available.

This ManageEngine Advisory is a PATCH NOW situation. We recommend MSPs search managed environments for affected software and apply relevant updates immediately.

Read more here: https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/

-Kaseya Vulnerability Management Team

Security Advisories Archives
RSS Feed

To View the RSS Feed of our advisory postings, please input this link into your feed reader.