Security Bulletin
This security bulletin contains one critical risk vulnerability.
EUVDB-ID: #VU71210
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-47966
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified error in Apache Santuario, which affects Zoho ManageEngine products when SAML SSO is enabled. A remote unauthenticated attacker can bypass the authentication process and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Install the update from the vendor's website.
Note, the vulnerability affects systems with configured SAML-based SSO.
Vulnerable software versions
ManageEngine Access Manager Plus: 4.1 4100 - 4.3 4307
Vulnerability Manager Plus: before 10.1.2220.18
Remote Monitoring and Management (RMM): before 10.1.41
Zoho ManageEngine Remote Access Plus: before 10.1.2228.11
Patch Manager Plus: before 10.1.2220.18
Password Manager Pro: before 12124
PAM 360: before 5713
OS Deployer: before 1.1.2243.1
Key Manager Plus: before 6401
Endpoint DLP: before 10.1.2137.6
Endpoint Central MSP: before 10.1.2228.11
Endpoint Central: before 10.1.2228.11
Device Control Plus: before 10.1.2220.18
ManageEngine Browser Security Plus: before 11.1.2238.6
ManageEngine Application Control Plus: before 10.1.2220.18
ManageEngine Analytics Plus: before 5150
Zoho ManageEngine ADManager Plus: before 7162
Zoho ManageEngine Active Directory 360: before 4310
ManageEngine AssetExplorer: before 6983
Zoho ManageEngine ServiceDesk Plus MSP: before 13001
Zoho ManageEngine SupportCenter Plus: before 11026
Zoho ManageEngine ADAudit Plus: before 7081
Zoho ManageEngine ADSelfService Plus: before 6211
Zoho ManageEngine ServiceDesk Plus: before 14.0 14004
CPE2.3
External links
http://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
Q & A
Can this vulnerability be exploited remotely?
How can the attacker exploit this vulnerability?
Is there known malware that exploits this vulnerability?