Source |
CSO |
Identifier |
7154310 |
Publication date |
2022-09-26 13:59:00 (seen: 2022-09-26 22:05:45) |
Title |
Zoho ManageEngine flaw is actively exploited, CISA warns |
Text |
A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities last week, highlighting an immediate threat for organizations that haven't yet patched their vulnerable deployments. The vulnerability, tracked as CVE-2022-3540, was privately reported to Zoho in June by a security researcher identified as Vinicius and was fixed later that same month. The researcher posted a more detailed writeup at the beginning of this month and, according to him, it's a Java deserialization flaw inherited from an outdated version of Apache OFBiz, an open-source enterprise resource planning system, where it was patched in 2020 (CVE-2020-9496). This means that the Zoho ManageEngine products were vulnerable for two years due to a failure to update a third-party component. |
Sent |
Yes |
Tags |
Vulnerability
Threat
|
Stories |
|
Notes |
|