Multiple Zoho ManageEngine ADSelfService Plus instances are vulnerable to a vulnerability that could allow an authenticated end-user to gain remote code execution on a vulnerable ADSelfService Plus. Assigned with CVE-2022-28810, the vulnerability was fixed by Zoho on April 9, 2022, but the flaw is being exploited in the wild. CISA has added the vulnerability … Continue reading “Zoho Patched Remote Code Execution Vulnerability in ManageEngine ADSelfService Plus (CVE-2022-28810)”
Tag: ZOHO
Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)
A critical remote code execution vulnerability has been discovered in multiple Zoho ManageEngine products. Tracked as CVE-2022-47966, this vulnerability affects 24 products of ManageEngine. Successful exploitation of this vulnerability may allow an attacker to perform remote code execution. Khoadha of Viettel Cyber Security has discovered this vulnerability via Zoho Bug Bounty program. Zoho ManageEngine … Continue reading “Zoho Patches Remote Code Execution Vulnerability Affecting Multiple ManageEngine Products (CVE-2022-47966)”
Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)
Zoho has released patches for a critical remote code execution vulnerability in its ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA also added the vulnerability (CVE-2022-35405) to its Known Exploited Vulnerabilities (KEV) Catalog. The advisory strongly recommends users update to the latest versions of PAM360, Access Manager Plus, and Password Manager Pro … Continue reading “Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)”
Zoho ManageEngine ADAudit Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2022-28219)
ManageEngine ADAudit Plus is a security, auditing, and compliance solution for Windows. For Active Directory, Azure AD, file servers, Windows servers, and workstations, key features include thorough login auditing, detailed change tracking, real-time risk alerting, and automated compliance reporting. Endpoints in ManageEngine ADAudit Plus are vulnerable and can allow an unauthenticated attacker to take … Continue reading “Zoho ManageEngine ADAudit Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2022-28219)”
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)
Zoho has patched a new critical vulnerability that affects the company’s unified endpoint management (UEM) solutions Desktop Central and Desktop Central MSP. Zoho ManageEngine Desktop Central is a desktop and mobile device management software. Administrators can manage servers, laptops, desktops, cellphones, and tablets from one place with this tool. Zoho launched the updated versions of … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44757)”
Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)
Malicious actors are actively exploiting a recently patched critical vulnerability in Zoho’s Desktop Central and Desktop Central MSP products. This is the third time in the last four months that a security vulnerability in one of its products has been exploited in the wild. Tracked as CVE-2021-44515, this is an authentication bypass vulnerability in ManageEngine … Continue reading “Zoho ManageEngine Desktop Central and Desktop Central MSP Authentication Bypass Vulnerability (CVE-2021-44515)”
Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2021-44077)
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have warned users of a newly patched issue in Zoho’s ManageEngine ServiceDesk Plus and SupportCenter Plus that can be used to drop web– shells leading to remote code execution. CVE-2021-44077 is an unauthenticated remote code execution vulnerability that affects older versions of ServiceDesk Plus and SupportCenter Plus. Zoho ManageEngine ServiceDesk Plus remote code execution vulnerability ManageEngine ServiceDesk … Continue reading “Zoho ManageEngine ServiceDesk Plus and SupportCenter Plus Unauthenticated Remote Code Execution Vulnerability (CVE-2021-44077)”
ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)
Summary: A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Description: Zoho ManageEngine Desktop Central faces An untrusted deserialization vulnerability. The vulnerability stems from an improper input validation in the FileStorage class. This … Continue reading “ManageEngine Desktop Central unauthenticated remote code execution vulnerability (CVE-2020-10189)”