Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
References
Link | Resource |
---|---|
https://manageengine.com | Vendor Advisory |
https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html | Patch Vendor Advisory |
https://www.horizon3.ai/red-team-blog-cve-2022-28219/ | Exploit Third Party Advisory |
http://cewolf.sourceforge.net/new/index.html | Product Third Party Advisory |
http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-04-05 12:15
Updated : 2022-10-25 19:30
NVD link : CVE-2022-28219
Mitre link : CVE-2022-28219
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
zohocorp
- manageengine_adaudit_plus