CVE-2022-47966

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41, ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
Provider   Type   Base Score     Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       NIST   9.8 CRITICAL   NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre      CNA    ---            ---
CVE        ADP    ---            ---
CISA-ADP   ADP    9.8 CRITICAL   NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score: CVSS 3.x
EPSS Score: Percentile 99%
Vendor     Product                                                 Version (x = vulnerable software versions)
zohocorp   manageengine_access_manager_plus                        x < 4.3; 4.3:build4300, 4.3:build4301, 4.3:build4302, 4.3:build4303, 4.3:build4304, 4.3:build4305, 4.3:build4306, 4.3:build4307
zohocorp   manageengine_ad360                                      x < 4.3; 4.3:4300, 4.3:4302, 4.3:4303, 4.3:4304, 4.3:4305, 4.3:4306, 4.3:4308, 4.3:4309
zohocorp   manageengine_adaudit_plus                               x < 7.0; 7.0:7000, 7.0:7002, 7.0:7003, 7.0:7004, 7.0:7005, 7.0:7006, 7.0:7007, 7.0:7008, 7.0:7050, 7.0:7051, 7.0:7052, 7.0:7053, 7.0:7054, 7.0:7055, 7.0:7060, 7.0:7062, 7.0:7063, 7.0:7065, 7.0:7080
zohocorp   manageengine_admanager_plus                             x < 7.1; 7.1:7100, 7.1:7101, 7.1:7102, 7.1:7110, 7.1:7111, 7.1:7112, 7.1:7113, 7.1:7114, 7.1:7115, 7.1:7116, 7.1:7117, 7.1:7118, 7.1:7120, 7.1:7121, 7.1:7122, 7.1:7123, 7.1:7124, 7.1:7125, 7.1:7126, 7.1:7130, 7.1:7131, 7.1:7140, 7.1:7141, 7.1:7150, 7.1:7151, 7.1:7160, 7.1:7161
zohocorp   manageengine_adselfservice_plus                         x < 6.2; 6.2:6200, 6.2:6201, 6.2:6202, 6.2:6203, 6.2:6204, 6.2:6205, 6.2:6206, 6.2:6207, 6.2:6208, 6.2:6209, 6.2:6210
zohocorp   manageengine_analytics_plus                             x < 5.1; 5.1:5100, 5.1:5110, 5.1:5120, 5.1:5121, 5.1:5130, 5.1:5140
zohocorp   manageengine_assetexplorer                              x < 6.9; 6.9:6900, 6.9:6901, 6.9:6902, 6.9:6903, 6.9:6904, 6.9:6905, 6.9:6906, 6.9:6907, 6.9:6908, 6.9:6909, 6.9:6950, 6.9:6951, 6.9:6952, 6.9:6953, 6.9:6954, 6.9:6955, 6.9:6956, 6.9:6957, 6.9:6970, 6.9:6971, 6.9:6972, 6.9:6973, 6.9:6974, 6.9:6975, 6.9:6976, 6.9:6977, 6.9:6978, 6.9:6979, 6.9:6980, 6.9:6981, 6.9:6982
zohocorp   manageengine_key_manager_plus                           x < 6.4; 6.4:6400
zohocorp   manageengine_pam360                                     x < 5.7; 5.7:build5700, 5.7:build5710, 5.7:build5711, 5.7:build5712
zohocorp   manageengine_password_manager_pro                       x < 12.1; 12.1:build12100, 12.1:build12101, 12.1:build12110, 12.1:build12120, 12.1:build12121, 12.1:build12122, 12.1:build12123
zohocorp   manageengine_servicedesk_plus                           x < 14.0; 14.0:14000, 14.0:14001, 14.0:14002, 14.0:14003
zohocorp   manageengine_servicedesk_plus_msp                       x < 13.0; 13.0:13000
zohocorp   manageengine_supportcenter_plus                         11.0:11017, 11.0:11018, 11.0:11019, 11.0:11020, 11.0:11021, 11.0:11022, 11.0:11024, 11.0:11025
zohocorp   manageengine_application_control_plus                   x < 10.1.220.18
zohocorp   manageengine_browser_security_plus                      x < 11.1.2238.6
zohocorp   manageengine_device_control_plus                        x < 10.1.2220.18
zohocorp   manageengine_endpoint_dlp_plus                          x < 10.1.2137.6
zohocorp   manageengine_os_deployer                                x < 1.1.2243.1
zohocorp   manageengine_patch_manager_plus                         x < 10.1.2220.18
zohocorp   manageengine_remote_access_plus                         x < 10.1.2228.11
zohocorp   manageengine_remote_monitoring_and_management_central   x < 10.1.41
zohocorp   manageengine_vulnerability_manager_plus                 x < 10.1.2220.18

x = Vulnerable software versions