Threat Advisory

CISA alerts about critical ManageEngine RCE vulnerability

September 23, 2022 | By Accorian

The Cybersecurity and Infrastructure Security Agency (CISA) is now alerting on a critical-severity Java deserialization vulnerability that affects numerous Zoho ManageEngine products. On servers running unpatched Zoho ManageEngine software, this flaw (CVE-2022-35405) can be exploited in low-complexity attacks to gain remote code execution without requiring user interaction. PAM360 and Password Manager Pro are exploitable without authentication, while Access Manager Plus requires authentication. ManageEngine says it has removed the vulnerable components from PAM360, Access Manager Plus, and Password Manager Pro. Patches were released in June, and administrators are asked to upgrade to a fixed version, as a proof-of-concept exploit is already public.

Accorian can help identify this vulnerability in your environment. 

Source: CISA warns of Critical ManageEngine RCE bug

Threat Advisory Team 

