← Retour aux CVEs

CVE-2022-28219

CRITICAL

9.8

Description

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie4/5/2022

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

zohocorp:manageengine_adaudit_plus

Faiblesses (CWE)

CWE-611

References

http://cewolf.sourceforge.net/new/index.html(cve@mitre.org)

http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html(cve@mitre.org)

https://manageengine.com(cve@mitre.org)

https://www.horizon3.ai/red-team-blog-cve-2022-28219/(cve@mitre.org)

https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html(cve@mitre.org)

http://cewolf.sourceforge.net/new/index.html(af854a3a-2127-422b-91ae-364da2661108)

http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html(af854a3a-2127-422b-91ae-364da2661108)

https://manageengine.com(af854a3a-2127-422b-91ae-364da2661108)

https://www.horizon3.ai/red-team-blog-cve-2022-28219/(af854a3a-2127-422b-91ae-364da2661108)

https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.