CVE-2022-28219 - XXE vulnerability in Zohocorp Manageengine Adaudit Plus
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 46 |
Common Weakness Enumeration (CWE)
Related news
- Zoho ManageEngine ADAudit Plus bug gets public RCE exploit (source)
- Researchers to release PoC exploit for critical Zoho RCE bug, patch now (source)
- Researchers to release PoC exploit for critical ManageEngine RCE bug, patch now (source)
- Exploit released for critical ManageEngine RCE bug, patch now (source)
References
- https://manageengine.com
- https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html
- https://www.horizon3.ai/red-team-blog-cve-2022-28219/
- http://cewolf.sourceforge.net/new/index.html
- http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html