CVE-2022-47966

{"id": "CVE-2022-47966", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-01-18T18:15:10.570", "references": [{"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://attackerkb.com/topics/gvs0Gv8BID/cve-2022-47966/rapid7-analysis", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.viettelcybersecurity.com/saml-show-stopper/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/apache/santuario-xml-security-java/tags?after=1.4.6", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://github.com/horizon3ai/CVE-2022-47966", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active)."}, {"lang": "es", "value": "M\u00faltiples productos locales de Zoho ManageEngine, como ServiceDesk Plus hasta 14003, permiten la ejecuci\u00f3n remota de c\u00f3digo debido al uso de Apache Santuario xmlsec (tambi\u00e9n conocido como XML Security para Java) 1.4.1, porque las funciones xmlsec XSLT, por dise\u00f1o en esa versi\u00f3n, hacen la aplicaci\u00f3n responsable de ciertas protecciones de seguridad, y las aplicaciones ManageEngine no proporcionaban esas protecciones. Esto afecta a Access Manager Plus anterior a 4308, Active Directory 360 anterior a 4310, ADAudit Plus anterior a 7081, ADManager Plus anterior a 7162, ADSelfService Plus anterior a 6211, Analytics Plus anterior a 5150, Application Control Plus anterior a 10.1.2220.18, Asset Explorer anterior a 6983, Browser Security Plus antes de 11.1.2238.6, Device Control Plus antes de 10.1.2220.18, Endpoint Central antes de 10.1.2228.11, Endpoint Central MSP antes de 10.1.2228.11, Endpoint DLP antes de 10.1.2137.6, Key Manager Plus antes de 6401, OS Deployer antes de 1.1.2243.1, PAM 360 antes de 5713, Password Manager Pro antes de 12124, Patch Manager Plus antes de 10.1.2220.18, Remote Access Plus antes de 10.1.2228.11, Remote Monitoring and Management (RMM) antes de 10.1.41. ServiceDesk Plus anterior a 14004, ServiceDesk Plus MSP anterior a 13001, SupportCenter Plus anterior a 11026 y Vulnerability Manager Plus anterior a 10.1.2220.18. La explotaci\u00f3n solo es posible si alguna vez se ha configurado SAML SSO para un producto (para algunos productos, la explotaci\u00f3n requiere que SAML SSO est\u00e9 actualmente activo).\n"}], "lastModified": "2024-09-16T19:45:48.983", "cisaActionDue": "2023-02-13", "cisaExploitAdd": "2023-01-23", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03", "versionEndExcluding": "4.3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6FDF373-4711-4B72-A14E-CEB19301C40F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E0F346C-0445-4D38-8583-3379962B540F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B1FA6A-43DB-4CCC-AC05-77810ED7B80D", "versionEndExcluding": "4.3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4300:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1179FC2E-0FCC-4744-85A7-1D68AE742FEE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4302:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F05F8E9D-1880-4B94-922E-BA61FA112945"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4303:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F336B0C2-1F99-4BC7-828B-02E432CB0723"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4304:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBBA787F-7F38-4AD3-90BE-D307D75F1BCA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4305:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46A96B82-49E1-4392-BDCF-CC9753D67A4E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4306:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "837BF464-6D18-4267-8913-D7937C91789B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4308:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0243CA85-B856-4ED9-BCD0-5EAB182862CD"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_ad360:4.3:4309:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB216CD0-B3BD-434D-8FC6-BB60408C128A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFA4EA7A-B1C1-4750-A11D-89054B77B320", "versionEndExcluding": "7.0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7055:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B2F6EE4-F3DC-43CE-B7FD-C9522A35406A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7060:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623151CB-4C6B-4068-B173-FE8E73D652F5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7062:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D84377E-CB44-4C6A-A665-763A1CD1AF34"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7063:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "603D1875-BD5E-4C6C-9D2C-3CAA9D7B3AE0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7065:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C568190-1C1B-44FA-B50A-C142A0B8224D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7080:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F876B2E2-C2FF-47BE-9F53-5F86606A08CA"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9D72627-17F9-427E-907B-56EA0A498131", "versionEndExcluding": "7.1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "736740CB-A328-4163-BAC4-6C881A24C8B1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B806083-7309-4215-AF81-DCC4D90B7876"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A741CDA8-D1A8-4F83-AE54-7D3D3C433825"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7110:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09563D6F-690B-4C7A-BA25-52D009724A74"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7111:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30FAC23B-831E-4904-AB3B-85A3C068CEB8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7112:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9347D3CF-B5D1-4ACE-83E1-73748EF15120"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7113:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "322E0562-4586-4DF4-A935-C2447883495B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7114:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB9151D6-BD21-4268-9371-FF702C1AD84B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7115:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B371E93E-7C85-42DD-AA7F-9B43D8D02963"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7116:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094EEFA4-BD16-4F79-8133-62F9E2C8C675"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7117:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC5A6297-98E3-45C8-95FB-7F4E65D133BF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7118:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C96678-34B7-4FCE-9DBD-1A7B3E0943BB"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7120:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E9B9E88-919F-4CF7-99DC-72E50BDF65A9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7121:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7848B31C-AB51-486B-8655-7D7A060BAFFC"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CFB5C4A-B717-4CC2-AE03-336C63D17B96"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7123:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "456D49D7-F04D-4003-B429-8D5504959D04"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7124:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB788440-904B-430E-BF5B-12ADA816477E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7125:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876CC4D6-9546-4D39-965A-EF5A4AF4AD93"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7126:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85432FE8-946F-448D-A92A-FF549EDC52F8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7130:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "813E1389-A949-427C-92C6-3974702FEA5D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7131:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34A48841-EA09-4917-A6FF-DF645B581426"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7140:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C042646-9D36-4712-9E5D-40E55FCF7C24"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7141:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E6CD67A-7F5A-4F29-B563-7E4D72A1149F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7150:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77A0C792-A8B7-48F8-9AD7-96B0CBAD4EBF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7151:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E53B3CB-4351-4E24-B80C-D62CC483D4D7"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7160:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0068E901-62D2-4C4D-96F8-7823B0DF7DA8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.1:7161:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF70BA56-3478-4DA5-B013-4D9B820D2219"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BC9667B-3ECE-4DF8-9C45-95E53736CD68", "versionEndExcluding": "6.2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6200:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFCD8BD-07E4-4AD3-B802-9A6D2254777A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6201:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1E4E7ED-317B-471D-B387-24BFE504FD48"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6202:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1518C214-71A7-4C97-BA40-95D98E0C78BB"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6203:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "247ED04D-E067-4A18-8514-9CD635DF4F09"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6204:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AC2C862-7709-44BF-9D0C-1BD63B381001"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6205:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E936706-E1D6-496A-8395-96706AF32F19"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA25E9BB-DDB9-438C-890A-61264C10BFF0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6207:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D71FF123-F797-4E0D-8167-DD4563733879"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6208:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1156F671-D6BD-4FA2-924F-1802F157A025"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6209:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7ABB8B4-1CBF-4437-A751-B51F2B061C7D"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_adselfservice_plus:6.2:6210:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E870D833-28A7-45E1-9A6B-26A33D66B507"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2026DE5E-EDDA-4134-A63E-1F01A9ED209F", "versionEndExcluding": "5.1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBEE7368-580D-422E-80DE-079462579BD4"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5110:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92C88B5F-3689-4314-B23E-D9051808C1D9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5120:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "839EB997-896A-4CD9-BADF-1C2DC2B498F0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5121:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A4DF40E-2941-4A38-9297-42502D7EE0C5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5130:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD056927-1BC0-42A0-8E26-7FC0F4BE58AF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:5.1:5140:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99F6F9CC-5A94-4A74-8D36-BE198424C955"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DEEF51-0977-4061-9919-803DFD144E10", "versionEndExcluding": "6.9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6900:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D0754D0-5B28-4851-89A2-DC5B20CFF3E8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6901:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E0CAA5B-16A1-4637-B90A-BFAF7381CCD9"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48A960D7-7AB2-43F4-99FC-5B1FE69BFDB6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6903:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B293513C-9ECB-4512-B1B8-A470C6115458"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6904:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D9B89EB-C51F-4A70-A6DF-1BD326308DA5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6905:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B708143-01B3-45D0-A769-E1D8E99237B5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6906:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1837C80-7D1F-4AF5-BF4B-932DF03D6A30"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6907:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E528B83-1539-4516-9ACF-A05E853014DF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFB65BC-5B94-4075-BBB1-4CD8B5B216C3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6909:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FAF3DFA-78FB-417C-808A-507F66889913"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6950:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9506197-CDDA-451B-9FE3-72B3C3BA19EF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6951:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "691DF8EC-6A7A-4449-8A4C-79F76726D685"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6952:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B3E2B0A-EB1E-45C3-BC2C-9E32268A0867"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6953:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1BD2753-52B8-4EB0-8332-C67935FB8B47"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6954:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BD08BF-4E5D-4DE4-A499-B0296C126599"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6955:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13CB227-496C-4777-BE76-27AFF5ED15C2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6956:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AB1DF8F-3385-40C6-92C5-10724F8A6911"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6957:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1997DE8-8CFA-4882-9107-741B88339A67"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6970:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "148F6458-136D-4612-9619-F51AEEC11AA6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6971:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B189696-D6BC-475B-90CA-AF122224FEAA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6972:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "477C97EC-A497-4C7C-973B-2C057A9242AD"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6973:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "284F5D9D-F23F-4936-B461-10701CC3AB7C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6974:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74CE0145-F165-4FB4-A819-01B30641196A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6975:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA291C44-616B-45D9-9709-61CD33E8B135"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6976:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1C7492E-5D5B-419D-9749-7CC6EE5BC0FE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6977:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCF1B243-DA58-42CD-9DF4-6D4A010796D8"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6978:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B73FD0F-6B48-406E-AB29-606CC07C81C2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6979:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CED2C49D-DB96-4495-BD6F-460871D94EDA"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6980:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9AAC638-1379-4F87-9BA3-07CE16CAB98A"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6981:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3470B5B-B8BC-41B9-8CA5-5E7A0EB9934F"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_assetexplorer:6.9:6982:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A2D9355-B1D5-4B14-8900-42E7C8DC5E4E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB1E5798-5079-4292-9C11-2F334F8AC825", "versionEndExcluding": "6.4"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_key_manager_plus:6.4:6400:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37D11E5C-C569-4D9F-BFF8-315F6D458D68"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93", "versionEndExcluding": "5.7"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2CE86DA-B688-4E9E-AF16-1974858D18BF"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5712:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFA2F57-4506-4B3D-86E8-BE9BEC1134B4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F", "versionEndExcluding": "12.1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12122:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C34175B-0978-4207-BFC0-F38FDFF9B3D5"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12123:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CAB911E-5CE6-47BA-9909-C42BDFEE0F5E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB1A6B88-6EE0-41F2-9FB6-243DFB52F92A", "versionEndExcluding": "14.0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14000:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23A6549A-A30E-4693-9BAB-2685DB8C40BC"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14001:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71CED256-A0EF-4933-AE18-421E37D5DB16"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14002:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EEAFF47-78C6-4F48-BD89-CD2B02D420DC"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:14.0:14003:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E8FEC0-688A-4BA6-9B4A-C59AD7FDAF8F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "969E1FCF-76A0-40BC-A38F-56FCB713419F", "versionEndExcluding": "13.0"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:13.0:13000:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "298E6401-A9A9-43B6-901F-327944E0AF94"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11017:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35366F60-D6E2-4B29-B593-D24079CE6831"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11018:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB60E016-82DD-41EC-85F9-D4F37AF1F8E3"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11019:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B83E37C-B1F6-4CEB-8A8E-39E24BE8B59C"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11020:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80B62BA0-2CF1-4828-99A9-7DD13CFCB9BE"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11021:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F529DB6-4D30-49F8-BFE2-C10C1A899917"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11022:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA25296-8163-4C98-A8CD-35834240308E"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11024:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33D51403-A976-4EA3-AA23-C699E03239E2"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11025:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D86A2E8A-1689-4E6E-B50B-E16CBCEB0C23"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_application_control_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8F5E8E6-B1AA-4454-86D3-648B67CA915E", "versionEndExcluding": "10.1.220.18"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_browser_security_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98FAA4DE-2C24-4ED4-9F2C-84CEA3200E31", "versionEndExcluding": "11.1.2238.6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_device_control_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8239C2A0-BA6D-4B5C-B02F-617178685D52", "versionEndExcluding": "10.1.2220.18"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_endpoint_dlp_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CA4E3A8-CAB3-461E-8A99-F7D115B17E71", "versionEndExcluding": "10.1.2137.6"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_os_deployer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53EC71FA-E248-4DA5-BA76-746631AC435E", "versionEndExcluding": "1.1.2243.1"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_patch_manager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5784980D-CEBB-4982-BD1F-FD8F5F2A039C", "versionEndExcluding": "10.1.2220.18"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_access_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06A9F459-2C86-4646-B87C-A55381E0939F", "versionEndExcluding": "10.1.2228.11"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_remote_monitoring_and_management_central:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D851B9A-EE8F-4634-A26D-BCC44B5CF02A", "versionEndExcluding": "10.1.41"}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_vulnerability_manager_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "450E672F-FA36-4770-87B6-CC8DA66D2222", "versionEndExcluding": "10.1.2220.18"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability"}