Zoho ManageEngine has released an advisory for a high-severity security flaw that affects multiple credential management products in the ManageEngine family.
The bug has been published under CVE-2022-47523.
The flaw is a SQL injection vulnerability that gives an authenticated attacker access to the backend database of these products. Exploiting it allows the attacker to run custom queries against any entries in the backend database. It cannot be exploited by unauthenticated users.
- If your organization uses PAM360, Password Manager Pro, or Access Manager Plus, we strongly recommend you upgrade to the latest build immediately. The following versions are vulnerable:
  - Password Manager Pro version 12200 and below
  - PAM360 version 5800 and below
  - Access Manager Plus version 4308 and below
- Enforce strong password policies and MFA whenever possible to prevent credentials from being exploited by attackers.
More Reading on this vulnerability: