The U.S. CISA today added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities Catalog.
CVE-2022-35405 is a remote code execution vulnerability that impacts the following versions of Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus:
- Password Manager Pro versions 12100 and below
- PAM360 versions 5500 and below
- Access Manager Plus versions 4302 and below
Zoho addressed the issue by removing the vulnerable components and strongly recommends that customers upgrade their instances of Password Manager Pro, PAM360 and Access Manager Plus immediately, because a PoC exploit is available.
CISA orders federal agencies to fix these vulnerabilities by October 13, 2022.