Zoho ManageEngine ADAudit Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2022-28219)

ManageEngine ADAudit Plus is a security, auditing, and compliance solution for Windows. For Active Directory, Azure AD, file servers, Windows servers, and workstations, key features include thorough login auditing, detailed change tracking, real-time risk alerting, and automated compliance reporting. 
Endpoints in ManageEngine ADAudit Plus are vulnerable and can allow an unauthenticated attacker to take advantage of XML External Entities (XXE), Java deserialization, and path traversal flaws. The chain could be used to execute unauthenticated remote codes. 
Affected versions  
Zoho ManageEngine ADAudit Plus versions Prior to build 7060 are affected by this vulnerability.  
Customers are advised to update to Zoho ManageEngine ADAudit Plus build version 7060 to patch the vulnerability. For more information, customers can refer to the Zoho ManageEngine ADAudit Plus Security Advisory 
Qualys Detection  
Qualys customers can scan their devices with QID 376525 to detect vulnerable assets.  
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.  

Leave a Reply

Your email address will not be published. Required fields are marked *