CVE-2022-47966 — Vulnetix

CVE-2022-47966 PUBLISHED KEV

Es existiert eine Schwachstelle in mehreren Zoho ManageEngine Produkten, wie z.B. Endpoint Central. Der Fehler besteht aufgrund der Verwendung einer veralteten Drittanbieter-Abhängigkeit in Apache Santuario im Zusammenhang mit der SAML single-sign-on Funktionalität. Ein entfernter, anonymer Angreifer kann diese Schwachstelle zur Ausführung von beliebigem Code mit "NT AUTHORITY\SYSTEM" Rechten ausnutzen.

EPSS 94.38% · 100.0th percentile

Risk Scores

EPSS Score

94.38%

100.0th percentile

Exploit Intelligence

Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
Python scanner for CVE-2022-47966. Supports ~10 of the 24 affected products. (github-poc-repo)
The manage engine mass loader for CVE-2022-47966 (github-poc-repo)
The manage engine mass loader for CVE-2022-47966 (github-poc-repo)
The manage engine mass loader for CVE-2022-47966 (github-poc-repo)

…and 391 more exploits

Timeline

Jun 28, 2021 PoC Published
Dec 11, 2021 PoC Published
Dec 13, 2021 PoC Published
Jun 7, 2022 PoC Published
Sep 16, 2022 PoC Published
Jan 13, 2023 PoC Published
Jan 17, 2023 PoC Published
Jan 17, 2023 PoC Published
Jan 17, 2023 PoC Published
Jan 17, 2023 PoC Published
Jan 17, 2023 CVE Published
Jan 18, 2023 PoC Published

References

Open in Interactive Console →