CVE-2022-47966

Description from NVD

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.

Information Acquisition Date:2023-03-03T14:51Z
CVSS 2.0: 0.0 None CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://manageengine.com
     source:MISC
     tags:Vendor Advisory    
 https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6
     source:MISC
     tags:Release Notes    Third Party Advisory    
 https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
     source:MISC
     tags:Patch    Vendor Advisory    
 http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html
     source:MISC
     tags:
 http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html
     source:MISC
     tags:

This vulnerability may involve a PoC.

Description from Forti

Proof-of-Concept Released for Zoho ManageEngine RCE vulnerability (CVE-2022-47966)

Information Acquisition Date:2023/01/26

Affected Products

Impact

Recommended Actions

References

Software Tag: Apache(4 tweets) Java(2 tweets) Windows(3 tweets) iOS(1 tweets)



List of frequently cited URLs

| URL | Num of Times Referred to |
|---|---|
| https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so... | 165 |
| https://cvetrends.com | 49 |
| https://lists.astaro.com/ASGV9-IPS-rules.html#0 | 16 |
| https://securityaffairs.com/140920/hacking/zoho-manageengin... | 16 |
| https://businessinsights.bitdefender.com/tech-advisory-mana... | 14 |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog | 11 |
| https://vulncheck.com/blog/cve-2022-47966-payload | 11 |
| http://twinybots.ch | 8 |
| https://thehackernews.com/2023/01/zoho-manageengine-poc-exp... | 7 |
| https://www.manageengine.com/security/advisory/CVE/cve-2022... | 7 |
| https://securityonline.info/researchers-release-poc-exploit... | 6 |
| https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rap... | 5 |
| https://www.bitdefender.com/blog/labs/weaponizing-pocs-a-ta... | 5 |
| http://Horizon3.ai | 4 |
| https://opsmtrs.com/2ZFbaTl | 4 |
| https://www.horizon3.ai/manageengine-cve-2022-47966-iocs | 4 |
| https://www.securityweek.com/wild-exploitation-recent-manag... | 4 |
| https://securityboulevard.com/2023/01/manageengine-cve-2022... | 4 |
| http://T.ME/APTIRAN | 3 |
| http://bit.ly/3Z5q5jl | 3 |
| https://github.com/horizon3ai/CVE-2022-47966 | 3 |
| https://twitter.com/Horizon3Attack/status/1613380836660748288 | 3 |
| https://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47... | 3 |
| https://tweetedtimes.com/Pentest101MX?s=tnp | 3 |
| https://viz.greynoise.io/tag/zoho-manageengine-rce-cve-2022... | 3 |
| https://terjanq.medium.com/waf-bypasses-via-0days-d4ef1f212ec | 3 |
| https://www.helpnetsecurity.com/2023/01/17/cve-2022-47966-poc | 3 |
| https://www.bleepingcomputer.com/news/security/critical-man... | 3 |
| https://blog.viettelcybersecurity.com/saml-show-stopper | 3 |
| https://xcloud.spectrum.colortokens.com/cve/CVE-2022-47966 | 3 |


GitHub Search Results: Up to 10

| Name | URL |
|---|---|
| horizon3ai/CVE-2022-47966 | https://github.com/horizon3ai/CVE-2022-47966 |
| vonahisec/CVE-2022-47966-Scan | https://github.com/vonahisec/CVE-2022-47966-Scan |
| Inplex-sys/CVE-2022-47966 | https://github.com/Inplex-sys/CVE-2022-47966 |
| shameem-testing/PoC-for-ME-SAML-Vulnerability | https://github.com/shameem-testing/PoC-for-ME-SAML-Vulnerability |
| ACE-Responder/CVE-2022-47966_checker | https://github.com/ACE-Responder/CVE-2022-47966_checker |
| p33d/CVE-2022-47966 | https://github.com/p33d/CVE-2022-47966 |

2023/03/26 Score : 0
Added Har-sia Database : 2023/01/11
Last Modified : 2023/03/26
Highest Scored Date : 2023/01/20
Highest Score : 124