
A Critical Vulnerability That Affects ManageEngine Products

Threat Level – Red | Vulnerability Report

A critical vulnerability in several ManageEngine products allows remote code execution (RCE) without authentication. Tracked as CVE-2022-47966, it is caused by an outdated third-party dependency, Apache Santuario. The vulnerability affects almost all ManageEngine products and lets unauthenticated attackers execute arbitrary code if SAML-based single sign-on (SSO) is enabled, or was enabled at least once before the attack.
