Proof-of-concept exploit code for a known vulnerability in Zoho ManageEngine is likely to be published this week. The pre-authentication remote code execution flaw can be exploited to take control of vulnerable systems. Zoho released updates to address the vulnerability last fall.

Note
- The flaw stems from a flaw in the Apache Santuario third-party plugin, which is updated in the patches released in October and November. While this flaw only exists when you have SAML/SSO enabled, you should make sure that you’re on the current version of ManageEngine regardless.
Read more in:
- Security advisory for remote code execution vulnerability in multiple ManageEngine products
- ManageEngine CVE-2022-47966 IOCs