CVE-2022-47966

Source: NVD (web.nvd.nist.gov), record NVD:CVE-2022-47966
Published: 2023-01-18 18:15:10

Tags: zoho manageengine, remote code execution, apache santuario xmlsec, saml sso

CVSS3: 9.8 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 10 High (Confidence: High)
EPSS: 0.975 High (Percentile: 100.0%)

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41, ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).

Affected configurations (NVD CPE match data; each Node lists a version range and/or the exact version + build/update values that match)

Node: zohocorp manageengine_access_manager_plus
  Range: < 4.3
  OR Match: 4.3 with build4300, build4301, build4302, build4303, build4304, build4305, build4306, build4307

Node: zohocorp manageengine_ad360
  Range: < 4.3
  OR Match: 4.3 with 4300, 4302, 4303, 4304, 4305, 4306, 4308, 4309

Node: zohocorp manageengine_adaudit_plus
  Range: < 7.0
  OR Match: 7.0 with 7000, 7002, 7003, 7004, 7005, 7006, 7007, 7008, 7050, 7051, 7052, 7053, 7054, 7055, 7060, 7062, 7063, 7065, 7080

Node: zohocorp manageengine_admanager_plus
  Range: < 7.1
  OR Match: 7.1 with 7100, 7101, 7102, 7110, 7111, 7112, 7113, 7114, 7115, 7116, 7117, 7118, 7120, 7121, 7122, 7123, 7124, 7125, 7126, 7130, 7131, 7140, 7141, 7150, 7151, 7160, 7161

Node: zohocorp manageengine_adselfservice_plus
  Range: < 6.2
  OR Match: 6.2 with 6200, 6201, 6202, 6203, 6204, 6205, 6206, 6207, 6208, 6209, 6210

Node: zohocorp manageengine_analytics_plus
  Range: < 5.1
  OR Match: 5.1 with 5100, 5110, 5120, 5121, 5130, 5140

Node: zohocorp manageengine_assetexplorer
  Range: < 6.9
  OR Match: 6.9 with 6900, 6901, 6902, 6903, 6904, 6905, 6906, 6907, 6908, 6909, 6950, 6951, 6952, 6953, 6954, 6955, 6956, 6957, 6970, 6971, 6972, 6973, 6974, 6975, 6976, 6977, 6978, 6979, 6980, 6981, 6982

Node: zohocorp manageengine_key_manager_plus
  Range: < 6.4
  OR Match: 6.4 with 6400

Node: zohocorp manageengine_pam360
  Range: < 5.7
  OR Match: 5.7 with build5700, build5710, build5711, build5712

Node: zohocorp manageengine_password_manager_pro
  Range: < 12.1
  OR Match: 12.1 with build12100, build12101, build12110, build12120, build12121, build12122, build12123

Node: zohocorp manageengine_servicedesk_plus
  Range: < 14.0
  OR Match: 14.0 with 14000, 14001, 14002, 14003

Node: zohocorp manageengine_servicedesk_plus_msp
  Range: < 13.0
  OR Match: 13.0 with 13000

Node: zohocorp manageengine_supportcenter_plus
  Match: 11.0 with 11017, 11018, 11019, 11020, 11021, 11022, 11024, 11025

Node (endpoint management products, inclusive upper bounds):
  zohocorp application_control_plus: Range ≤ 10.1.220.17
  OR zohocorp manageengine_browser_security_plus: Range ≤ 11.1.2238.5
  OR zohocorp manageengine_desktop_central: Range ≤ 10.1.2228.10 (edition: -)
  OR zohocorp manageengine_desktop_central: Range ≤ 10.1.2228.10 (edition: managed_service_providers)
  OR zohocorp manageengine_device_control_plus: Range ≤ 10.1.2220.17
  OR zohocorp manageengine_endpoint_dlp_plus: Range ≤ 10.1.2137.5
  OR zohocorp manageengine_os_deployer: Range ≤ 1.1.2243.0
  OR zohocorp manageengine_patch_manager_plus: Range ≤ 10.1.2220.17
  OR zohocorp manageengine_remote_access_plus: Range ≤ 10.1.2228.10
  OR zohocorp manageengine_rmm_central: Range ≤ 10.1.40
  OR zohocorp manageengine_vulnerability_manager_plus: Range ≤ 10.1.2220.17
