A critical remote code execution vulnerability has been discovered in multiple Zoho ManageEngine products. Tracked as CVE-2022-47966, this vulnerability affects 24 products of ManageEngine. Successful exploitation of this vulnerability may allow an attacker to perform remote code execution. Khoadha of Viettel Cyber Security has discovered this vulnerability via Zoho Bug Bounty program. Zoho ManageEngine … Continue reading “Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)”
Tag: ManageEngine
Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)
Zoho has released patches for a critical remote code execution vulnerability in its ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA also added the vulnerability (CVE-2022-35405) to its Known Exploited Vulnerabilities (KEV) Catalog. The advisory strongly recommends users update to the latest versions of PAM360, Access Manager Plus, and Password Manager Pro … Continue reading “Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)”
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)
Zoho has patched a new critical vulnerability that affects the company’s unified endpoint management (UEM) solutions Desktop Central and Desktop Central MSP. Zoho ManageEngine Desktop Central is a desktop and mobile device management software. Administrators can manage servers, laptops, desktops, cellphones, and tablets from one place with this tool. Zoho launched the updated versions of … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)”
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)
Malicious actors are actively exploiting a recently patched critical vulnerability in Zoho’s Desktop Central and Desktop Central MSP products. This is the third time in the last four months that a security vulnerability in one of its products has been exploited in the wild. Tracked as CVE-2021-44515, this is an authentication bypass vulnerability in ManageEngine … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)”
Zoho AD Manager Plus multiple Vulnerabilities
Overview AD Manager Plus product of Zoho corporation is vulnerable to multiple Unauthenticated critical vulnerability. Active Directory management tool offers administrators customizable templates to manage all the aspects of Active Directory account creation and modification Bypass Authentication check: AD Manager Plus is a java web application. web.xml contains declaration for java servlet. Web.xml <servlet-mapping> section … Continue reading “Zoho AD Manager Plus multiple Vulnerabilities”
ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)
Summary: A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central faces An untrusted deserialization vulnerability. The vulnerability stems from an improper input validation in the FileStorage class. This … Continue reading “ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)”
Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities
Abstract: While doing our daily research for ThreatPROTECT, I came across ManageEngine, Zoho Corporation’s OpManager product. It is a network monitoring software that helps administrators discover, map, monitor and manage complete IT infrastructure thereby providing all the visibility and control that you need over your network. So we decided to use it for our internal … Continue reading “Zoho ManageEngine OpManager 12.0 Multiple Vulnerabilities”