Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.
References
Link | Resource |
---|---|
https://manageengine.com | Vendor Advisory |
https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 | Release Notes Third Party Advisory |
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
History
25 Jan 2023, 20:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | NVD-CWE-noinfo | |
First Time |
Zohocorp manageengine Admanager Plus
Zohocorp manageengine Assetexplorer Zohocorp manageengine Password Manager Pro Zohocorp manageengine Vulnerability Manager Plus Zohocorp manageengine Access Manager Plus Zohocorp manageengine Remote Access Plus Zohocorp manageengine Pam360 Zohocorp manageengine Desktop Central Zohocorp manageengine Servicedesk Plus Msp Zohocorp application Control Plus Zohocorp manageengine Key Manager Plus Zohocorp Zohocorp manageengine Os Deployer Zohocorp manageengine Analytics Plus Zohocorp manageengine Servicedesk Plus Zohocorp manageengine Supportcenter Plus Zohocorp manageengine Adselfservice Plus Zohocorp manageengine Adaudit Plus Zohocorp manageengine Rmm Central Zohocorp manageengine Browser Security Plus Zohocorp manageengine Device Control Plus Zohocorp manageengine Ad360 Zohocorp manageengine Patch Manager Plus Zohocorp manageengine Endpoint Dlp Plus |
|
CPE | cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:-:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:* cpe:2.3:a:zohocorp:application_control_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_rmm_central:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:managed_service_providers:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:* |
|
References | (MISC) https://manageengine.com - Vendor Advisory | |
References | (MISC) https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6 - Release Notes, Third Party Advisory | |
References | (MISC) https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html - Patch, Vendor Advisory |
18 Jan 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-18 18:15
Updated : 2023-01-25 20:46
NVD link : CVE-2022-47966
Mitre link : CVE-2022-47966
JSON object : View
Products Affected
zohocorp
- manageengine_browser_security_plus
- manageengine_pam360
- manageengine_endpoint_dlp_plus
- manageengine_assetexplorer
- manageengine_device_control_plus
- application_control_plus
- manageengine_desktop_central
- manageengine_os_deployer
- manageengine_patch_manager_plus
- manageengine_adaudit_plus
- manageengine_servicedesk_plus_msp
- manageengine_supportcenter_plus
- manageengine_servicedesk_plus
- manageengine_vulnerability_manager_plus
- manageengine_rmm_central
- manageengine_remote_access_plus
- manageengine_adselfservice_plus
- manageengine_admanager_plus
- manageengine_access_manager_plus
- manageengine_password_manager_pro
- manageengine_analytics_plus
- manageengine_ad360
- manageengine_key_manager_plus
CWE