The vulnerability of the cewolf component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus allows attackers to perform XXE attacks.

The vulnerability of the cewolf component of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attack...

PT-2022-3394 · Zoho · Zoho Manageengine Adaudit Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions prior to 7060 Description: The issue is related to the cewolf component in Zoho ManageEngine ADAudit Plus, which is vulnerable to an unauthenticated XXE attack due to incorrect restriction of XML extern...