Lucene search
K

13 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/01/12 2:20 p.m.70 views

Recog Release v3.0.3

Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...

0.1AI score0.9994EPSS
Exploits29
Check Point Advisories
Check Point Advisories
added 2022/10/23 12:0 a.m.30 views

Zoho Multiple Products Remote Code Execution (CVE-2022-35405)

A remote code execution vulnerability exists in multiple Zoho products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

5.4AI score0.9994EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2022/10/12 12:0 a.m.57 views

ManageEngine Password Manager Pro < 12.1 Build 12101 RCE

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12101. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host...

9.8CVSS9.7AI score0.9994EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2022/10/12 12:0 a.m.81 views

ManageEngine PAM360 < 5.5 Build 5510 RCE

The remote host is running a version of ManageEngine PAM360 prior to 5.5 Build 5510. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host. Note that Ness...

9.8CVSS9.7AI score0.9994EPSS
Exploits5References2
Malwarebytes
Malwarebytes
added 2022/09/27 11:30 a.m.75 views

Flaw in some ManageEngine apps is being actively exploited, says CISA

CISA the Cybersecurity and Infrastructure Security Agency recently added CVE-2022-35405--a remote code executionRCE vulnerability affecting Zoho ManageEngine PAM360 versions 5500 and earlier, Password Manager Pro versions 12100 and earlier, and Access Manager Plus versions 4302 and earlier--to it...

1.8AI score0.9994EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/09/23 10:21 a.m.53 views

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager...

9.8CVSS1.5AI score0.9994EPSS
Exploits5
0day.today
0day.today
added 2022/08/04 12:0 a.m.605 views

Zoho Password Manager Pro XML-RPC Java Deserialization Exploit

This Metasploit module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro before 12101 and PAM360 before 5510. Unauthenticated attackers can send a crafted XML-RPC request containing malicious serialized data to /xmlrpc to gain remote command execution as the SYSTEM user. This...

9.8CVSS9.7AI score0.9994EPSS
Exploits5
Packet Storm
Packet Storm
added 2022/08/03 12:0 a.m.420 views

Zoho Password Manager Pro XML-RPC Java Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zoho Password Manager Pro XML-RPC Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in Zoho...

9.8CVSS0.6AI score0.9994EPSS
Exploits5
Circl
Circl
added 2022/07/19 6:40 p.m.13 views

CVE-2022-35405

creationtimestamp| type| source ---|---|--- 2022-07-19 18:40:49+00:00| seen| https://t.me/cibsecurity/46547 2022-08-02 11:49:26+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6516 2022-08-02 22:05:45+00:00| seen|...

9.8CVSS7.5AI score0.9994EPSS
Exploits5References11
Cvelist
Cvelist
added 2022/07/19 2:51 p.m.36 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

10AI score0.9994EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 2022/07/19 2:51 p.m.15 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

9.9AI score0.9994EPSS
Exploits5References2
CVE
CVE
added 2022/07/19 2:51 p.m.859 views

CVE-2022-35405

CVE-2022-35405 affects Zoho ManageEngine PAM360 (before 5.5/5510) and Password Manager Pro (before 12.1/12101), plus Access Manager Plus (before 4.3/4303 with auth). The root cause is a Java deserialization issue in XML-RPC handling that enables unauthenticated RCE for Password Manager Pro and PA...

9.8CVSS9.7AI score0.9994EPSS
In wildExploits5References3Affected Software3
GithubExploit
GithubExploit
added 2022/07/18 8:52 p.m.78 views

Exploit for Deserialization of Untrusted Data in Zohocorp Manageengine_Access_Manager_Plus

CVE-2022-35405 - My blog posthttps://bigous.me/2022/09/06/C...

9.8CVSS9.8AI score0.9994EPSS
Exploits5
Rows per page
Query Builder