A Critical Vulnerability That Affects ManageEngine Products

Threat Level – Red | Vulnerability Report

A critical vulnerability in several ManageEngine products allows remote code execution (RCE) without authentication. Tracked as CVE-2022-47966, it is caused by an outdated third-party dependency, Apache Santuario. It affects almost all ManageEngine products and lets unauthenticated attackers execute arbitrary code if SAML-based single sign-on (SSO) is enabled, or was enabled at least once before the attack.
