April 19, 2024

The U.S. CISA today added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 with a CVSS score 9.8, to its Known Exploited Vulnerabilities Catalog.

The CVE-2022-35405 flaw is a remote code execution vulnerability that impacts Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus.

Advertisements

Affected version

  • Password Manager Pro versions 12100 and below
  • PAM360 versions 5500 and below
  • Access Manager Plus versions 4302 and below

Zoho addressed the issue by removing the vulnerable components and strongly recommends its customers to upgrade the instances of Password Manager Pro, PAM360 and Access Manager Plus immediately due to the availability of a PoC exploit.

CISA orders federal agencies to fix these vulnerabilities by October 13, 2022.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Windows New Privilege Escalation on Sale in dark forum

April 19, 2024

HashiCorp Critical Vulnerability – CVE-2024-3817

April 18, 2024

Cisco Integrated Management Controller Vulnerabilities

April 18, 2024

Windows Kernel Vulnerability – CVE-2024-21338 PoC Exploit Released

April 17, 2024

Cisco Duo Identify Data Breach

April 17, 2024

Tanium new Automate Feature

April 16, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading