Threat Advisory

CISA alerts about critical ManageEngine RCE vulnerability

September 23, 2022 | By Accorian

The Cybersecurity and Infrastructure Security Agency (CISA) now includes a Java deserialization vulnerability of critical severity that affects numerous Zoho ManageEngine products. In servers running unpatched Zoho ManageEngine PAM360 and Password Manager Pro (without authentication) or Access Manager Plus (with authentication) software, this security flaw (CVE-2022-35405) can be exploited in low-complexity attacks to gain remote code execution without requiring user interaction. According to ManageEngine, they have removed the vulnerable components from PAM360, Access Manager Plus, and Password Manager Pro. Patches were released in June, and administrators are requested to upgrade to a fixed version, as a proof-of-concept exploit is already public.

Accorian can help identify this vulnerability in your environment. 

Source: CISA warns of Critical ManageEngine RCE bug

Threat Advisory Team 


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide