Описание
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-28219
- https://manageengine.com
- https://www.horizon3.ai/red-team-blog-cve-2022-28219
- https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html
- http://cewolf.sourceforge.net/new/index.html
- http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
CVSS3: 9.8
fstec
почти 4 года назад
Уязвимость компонента cewolf программного средства управления и отчетности Windows Active Directory (AD) Zoho ManageEngine ADAudit Plus, позволяющая нарушителю проводить XXE-атаки