Scaner-VS
BDU:2023-00171
BDU
Critical · Confirmed · Exploit available

CVSS: 9.8 (Critical)
EPSS: 0.00 (p0)
Published: 2023-01-01
Updated: 2023-01-01
Description

The vulnerability in ManageEngine software products is caused by errors in the handling of input data. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted SAML request.

Tags · CWE
Pre-auth
Affected products
Zoho corp. Access manager plus; Zoho corp. Active directory 360; Zoho corp. Admanager plus; Zoho corp. Analytics plus; Zoho corp. Application control plus; Zoho corp. Asset explorer; Zoho corp. Browser security plus; Zoho corp. Device control plus; Zoho corp. Endpoint central; Zoho corp. Endpoint central msp; Zoho corp. Endpoint dlp; Zoho corp. Key manager plus; Zoho corp. Manageengine adselfservice plus; Zoho corp. Os deployer; Zoho corp. Pam360; Zoho corp. Password manager pro; Zoho corp. Patch manager plus; Zoho corp. Remote access plus; Zoho corp. Remote monitoring and management (rmm); Zoho corp. Servicedesk plus
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2023-01-01: Published
2023-01-01: Updated
CVSS 3.1 breakdown
Attack Vector: AV:N, Network (N)
Attack Complexity: AC:L, Low (L)
Privileges Required: PR:N, None (N)
User Interaction: UI:N, None (N)
Scope: S:U, Unchanged (U)
Confidentiality Impact: C:H, High (H)
Integrity Impact: I:H, High (H)
Availability Impact: A:H, High (H)
Exploit indicators
EPSS: 0.000 · p0
Known exploited (KEV): No
Known exploits — Scaner-VS
BDU:2023-00171 · bdu_exploit · https://bdu.fstec.ru/vul · Enterprise
CVE-2022-47966 · github-poc · https://github.com/vonahisec/CVE-2022-47966-Scan · Enterprise
Affected software
Product | Vendor | Status
access manager plus | zoho corp. | Tracked
active directory 360 | zoho corp. | Tracked
admanager plus | zoho corp. | Tracked
analytics plus | zoho corp. | Tracked
application control plus | zoho corp. | Tracked
asset explorer | zoho corp. | Tracked
browser security plus | zoho corp. | Tracked
device control plus | zoho corp. | Tracked
endpoint central | zoho corp. | Tracked
endpoint central msp | zoho corp. | Tracked
endpoint dlp | zoho corp. | Tracked
key manager plus | zoho corp. | Tracked
manageengine adselfservice plus | zoho corp. | Tracked
os deployer | zoho corp. | Tracked
pam360 | zoho corp. | Tracked
password manager pro | zoho corp. | Tracked
patch manager plus | zoho corp. | Tracked
remote access plus | zoho corp. | Tracked
remote monitoring and management (rmm) | zoho corp. | Tracked
servicedesk plus | zoho corp. | Tracked