Threat Advisory

CISA alerts about critical ManageEngine RCE vulnerability

September 23, 2022 | By Accorian

The Cybersecurity and Infrastructure Security Agency (CISA) now includes a Java deserialization vulnerability of critical severity that affects numerous Zoho ManageEngine products. In servers running unpatched Zoho ManageEngine PAM360 and Password Manager Pro (without authentication) or Access Manager Plus (with authentication) software, this security flaw (CVE-2022-35405) can be exploited in low-complexity attacks to gain remote code execution without requiring user interaction. According to ManageEngine, they have removed the vulnerable components from PAM360, Access Manager Plus, and Password Manager Pro. Patches were released in June, and administrators are requested to upgrade to a fixed version, as a proof-of-concept exploit is already public.

Accorian can help identify this vulnerability in your environment. 

Source: CISA warns of Critical ManageEngine RCE bug

Threat Advisory Team 


Recent Post

    Ready to Start?

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to

        Interested Position
        First Name
        Last Name
        Total Experience
        Mobile Number
        Upload Resume