Security Stop-Press : Zoho ManageEngine PoC Exploit To Be Released

  • January 18, 2023
  • News

Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability prior to the release of a proof-of-concept (PoC) exploit code.

Zoho recently released a security advisory about multiple ManageEngine products saying it relates to “an unauthenticated remote code execution vulnerability reported and patched” that is in many “ManageEngine products due to the usage of an outdated third-party dependency, Apache Santuario”.

The vulnerability allows an unauthenticated adversary to execute arbitrary code when the above SAML SSO criteria is met. Zoho says the issue has been fixed by updating the third-party module to the recent version. More details about ManageEngine can be found via their website https://www.manageengine.com/products/desktop-central/about-manageengine.html.

About us and this blog

We are a IT solutions and support company. In our BLOG you can find more information about services and solutions we provide and learn how they can benefit you and your business.

We offer professional IT support for small and medium size businesses, as well as support home based businesses.

To check how we can help improve your security and productivity, request your FREE IT health check today!

More from our blog

See all posts