Proof-of-concept exploit code for a known vulnerability in Zoho ManageEngine is likely to be published this week. The pre-authentication remote code execution flaw can be exploited to take control of vulnerable systems. Zoho released updates to address the vulnerability last fall.
Note
- The vulnerability stems from a flaw in the Apache Santuario third-party plugin, which is updated in the patches released in October and November. While this flaw only exists when you have SAML/SSO enabled, you should make sure that you’re on the current version of ManageEngine regardless.
Read more in
Security advisory for remote code execution vulnerability in multiple ManageEngine products