Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2023/01/23 6:5 p.m.54 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

8.1CVSS9.9AI score0.99753EPSS
Exploits15References4
NVD
NVD
added 2023/01/18 6:15 p.m.48 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

9.8CVSS10AI score0.99753EPSS
Exploits15References11
Prion
Prion
added 2023/01/18 6:15 p.m.32 views

Remote code execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

7.5CVSS9.7AI score0.99753EPSS
Exploits15References10Affected Software23
Cvelist
Cvelist
added 2023/01/18 12:0 a.m.27 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

10AI score0.99753EPSS
Exploits15References10
Vulnrichment
Vulnrichment
added 2023/01/18 12:0 a.m.19 views

CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec aka XML Security for Java 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain...

10AI score0.99753EPSS
Exploits15References10
CVE
CVE
added 2023/01/18 12:0 a.m.1310 views

CVE-2022-47966

CVE-2022-47966 (ManageEngine products) is a pre-auth remote code execution vulnerability rooted in the Apache Santuario (XML Security for Java) 1.4.1 library. The XML signature processing in this version can bypass protections, enabling RCE when a SAML SSO flow is engaged by affected ManageEngine...

9.8CVSS9.8AI score0.99753EPSS
In wildExploits15References11Affected Software1
Rows per page
Query Builder