CVE-2022-47966 Scanner
CVE-2022-47966 scanner - Remote Code Execution (RCE) vulnerability in Multiple Zoho ManageEngine on-premise products
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 3 days
Scan only one
Domain, IPv4, Subdomain
Toolbox
-
Zoho ManageEngine on-premise products are widely used in various industries for streamlining business operations and providing efficient service to clients. These products include ServiceDesk Plus, Active Directory 360, ADAudit Plus, ADManager Plus, ADSelfService Plus, Analytics Plus, Application Control Plus, Asset Explorer, Browser Security Plus, Device Control Plus, Endpoint Central, Endpoint Central MSP, Endpoint DLP, Key Manager Plus, OS Deployer, PAM 360, Password Manager Pro, Patch Manager Plus, Remote Access Plus, Remote Monitoring and Management (RMM), SupportCenter Plus, ServiceDesk Plus MSP, and Vulnerability Manager Plus. These products are designed to cater to the needs of modern businesses, ensuring smooth operation and high productivity.
CVE-2022-47966 is a critical vulnerability detected in multiple Zoho ManageEngine on-premise products, including ServiceDesk Plus, Active Directory 360, ADAudit Plus, and more. This vulnerability is a result of the use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, where the application is responsible for certain security protections due to the XSLT features in that version. However, the ManageEngine applications did not provide these protections, which leads to potential remote code execution.
The exploitation of this vulnerability can lead to serious consequences for businesses. Attackers can gain access to sensitive data, interrupt business operations, or even bring down the entire system. As many of these products are essential for day-to-day business operations, any disruption in their functionality can result in reduced productivity, loss of revenue, and damage to the reputation of the business.
In conclusion, the security of digital assets is a critical concern for businesses operating in the modern world. With the pro features of the s4e.io platform, information about vulnerabilities in digital assets can be easily and quickly obtained. By taking necessary precautions and staying informed about potential vulnerabilities, businesses can ensure the safety and integrity of their digital assets.
REFERENCES
