Executive Summary

CVE-2022-47966 is a remote code execution vulnerability which impacts Zoho’s ManageEngine On-Premise products, due to the use of an outdated third-party dependency, Apache Santuario. The exploit for this vulnerability has now been publicly released. Software updates addressing the vulnerabilities were previously released by Zoho across October/November last year.

What’s the risk to me or my business?

Successful exploitation of this vulnerability would grant an attacker the ability to remotely execute code. Users of ManageEngine On-Demand/cloud products are not affected by this vulnerability. In addition, the exploit is applicable, only when Single Sign-on (SSO) is or was enabled during the initial ManageEngine setup.

What can I do?

For organisations using ManageEngine On-Premise products where Single Sign-on (SSO) is or was enabled during initial setup, it is strongly recommended to install the patched version which addresses this vulnerability.

Further information on the security advisory from Zoho ManageEngine can be found here, including impacted version numbers, and the version numbers where the exploit was fixed: https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity