Unauthenticated remote code execution vulnerability in Zoho ManageEngine products - CVE-2022-47966ID: oval:org.secpod.oval:def:87016 | Date: (C)2023-01-24 (M)2023-09-14 |
Class: VULNERABILITY | Family: windows |
The host is installed with Zoho ManageEngine ServiceDesk Plus (SDP) before build 14004, Zoho ManageEngine ServiceDesk Plus MSP before 13001 or Zoho ManageEngine SupportCenter Plus 11017 before 11026 or Zoho ManageEngine ADSelfService Plus before 6211 and is prone to an unauthenticated remote code execution vulnerability. The flaws are present in the application due to the usage of an outdated third party dependency, Apache Santuario. Successful exploitation allows an unauthenticated attacker to execute arbitrary code and carry out any subsequent attacks.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 10 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Product: |
Zoho ManageEngine ServiceDesk Plus |
Zoho ManageEngine ServiceDesk Plus MSP |
Zoho ManageEngine SupportCenter Plus |
Zoho ManageEngine ADSelfService Plus |