Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:27C5127555C4E549C099885D4DCD41D9
HistoryFeb 17, 2023 - 12:00 a.m.

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

2023-02-1700:00:00
SAINT Corporation
download.saintcorporation.com
164
zoho manageengine servicedesk plus
samlresponse
command execution
vulnerability
apache santuario library
remote attack
unauthenticated
upgrade
cve-2022-47966
saml-based sso
windows

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON

Added: 02/17/2023

Background

Zoho ManageEngine ServiceDesk Plus is IT helpdesk software.

Problem

A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted **SAMLResponse** parameter to the SAML endpoint.

Resolution

Upgrade to ServiceDesk Plus 14004 or higher.

References

<https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html&gt;
<https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/&gt;

Limitations

The target must have been configured with SAML-based SSO at least once in the past in order to be exploitable.

Platforms

Windows

Related

hivepro 2
thn 7
packetstorm 3
prion 1
rapid7blog 6
nessus 5
talosblog 2
cvelist 1
githubexploit 5
zdt 3
impervablog 1
cve 1
nvd 1
nuclei 1
metasploit 3
saint 1
cisa_kev 1
redhatcve 1
vulnrichment 1
mmpc 2
mssecure 2
malwarebytes 1
trellix 2
ics 2
attackerkb 1
hivepro
hivepro
A Critical Vulnerability That Affects ManageEngine Products
2023-01-17 09:59:34
Actors, Threats and Vulnerabilities 16 January 2023 – 22 January 2023
2023-01-25 03:14:57
thn
thn
Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
2023-02-23 15:02:00
Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!
2023-01-17 10:38:00
Lazarus Group Exploits Critical Zoho ManageEngine Flaw to Deploy Stealthy QuiteRAT Malware
2023-08-24 15:16:00
packetstorm
packetstorm
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution
2023-02-07 00:00:00
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution
2023-02-08 00:00:00
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution
2023-02-09 00:00:00
prion
prion
Remote code execution
2023-01-18 18:15:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 01/12/24
2024-01-12 21:25:19
CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability
2023-01-19 17:46:15
Metasploit Wrap-Up 03/08/2024
2024-03-08 17:00:00
nessus
nessus
ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)
2023-02-10 00:00:00
ManageEngine ServiceDesk Plus < 14.0 Build 14004 RCE
2023-06-07 00:00:00
ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)
2023-02-21 00:00:00
talosblog
talosblog
Lazarus Group's infrastructure reuse leads to discovery of new malware
2023-08-24 12:04:22
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
2023-08-24 12:02:13
cvelist
cvelist
CVE-2022-47966
2023-01-18 00:00:00
githubexploit
githubexploit
Exploit for Vulnerability in Zohocorp Manageengine Access Manager Plus
2023-01-19 16:06:56
Exploit for Improper Input Validation in Zohocorp Manageengine Access Manager Plus
2023-01-23 15:49:10
Exploit for Improper Input Validation in Zohocorp Manageengine Access Manager Plus
2023-01-23 11:33:29
zdt
zdt
ManageEngine ADSelfService Plus Unauthenticated SAML Remote Code Execution Exploit
2023-02-13 00:00:00
Zoho ManageEngine ServiceDesk Plus 14003 Remote Code Execution Exploit
2023-02-07 00:00:00
Zoho ManageEngine Endpoint Central / MSP 10.1.2228.10 Remote Code Execution Exploit
2023-02-13 00:00:00
impervablog
impervablog
ManageEngine Vulnerability CVE-2022-47966
2023-01-20 18:16:02
cve
cve
CVE-2022-47966
2023-01-18 18:15:10
nvd
nvd
CVE-2022-47966
2023-01-18 18:15:10
nuclei
nuclei
ManageEngine - Remote Command Execution
2023-01-19 19:59:16
metasploit
metasploit
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
2023-01-23 23:55:45
ManageEngine ADSelfService Plus Unauthenticated SAML RCE
2023-01-26 20:53:14
ManageEngine Endpoint Central Unauthenticated SAML RCE
2023-01-29 07:47:22
saint
saint
Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution
2023-02-17 00:00:00
cisa_kev
cisa_kev
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
2023-01-23 00:00:00
redhatcve
redhatcve
CVE-2022-47966
2023-01-23 18:05:29
vulnrichment
vulnrichment
CVE-2022-47966
2023-01-18 00:00:00
mmpc
mmpc
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
2023-09-14 16:30:00
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
2023-04-18 15:00:00
mssecure
mssecure
Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
2023-09-14 16:30:00
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
2023-04-18 15:00:00
malwarebytes
malwarebytes
Update now! Proof of concept code to be released for Zoho ManageEngine vulnerability
2023-01-17 07:00:00
trellix
trellix
The Bug Report January 2023 Edition
2023-02-01 00:00:00
The Bug Report January 2023 Edition
2023-02-01 00:00:00
ics
ics
Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
2023-09-07 12:00:00
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
2024-07-25 12:00:00
attackerkb
attackerkb
CVE-2022-47966
2023-01-18 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.975

Percentile

100.0%

JSON
Related for SAINT:27C5127555C4E549C099885D4DCD41D9
hivepro2thn7packetstorm3prion1rapid7blog6nessus5talosblog2cvelist1githubexploit5zdt3impervablog1cve1nvd1nuclei1metasploit3saint1cisa_kev1redhatcve1vulnrichment1mmpc2mssecure2malwarebytes1trellix2ics2attackerkb1