Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
670
VMScore

CVE-2022-28219

Published: 05/04/2022 Updated: 26/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Manageengine Adaudit Plus

Vulnerability Summary

Cewolf in Zoho ManageEngine ADAudit Plus prior to 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zohocorp manageengine adaudit plus 7.0

zohocorp manageengine adaudit plus

Exploits

Exploit DB: ManageEngine ADAudit Plus Path Traversal / XML Injection
This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060 They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file ...

Github Repositories

https://github.com/rbowes-r7/manageengine-auditad-cve-2022-28219

Code to support my CVE-2022-28219 analysis To execute, with Ruby and Rubygems installed: gem install httparty ruby /manageengine-pocrb <target> <port> <domain> <your ip> This is designed as a proof of concept, not a stable exploit It only runs calc :)

https://github.com/aeifkz/CVE-2022-28219-Like

建立一個概念類似 CVE-2022-28219 的測試環境

CVE-2022-28219-Like 建立一個概念類似 CVE-2022-28219 的測試環境

https://github.com/A0RX/Red-Blueteam-party

A collection of red blue team staff

red blue team party 🎉🏴‍☠️ - Redteam🗡 Go to blueteam🛡️ • Tools Linkedlnt Spoofcheck Pagodo wintnessMe Linkedin2username Recong-ng Cloud_enum Buster S3Scanner Gitleaks Rustscan Amass AzureWorkahop Nicoff eagle-rs Search engines Gpu poisoning Cutter Stormspotter Hack tools s3sec Function stomping AZURE red team WinAPI Adversarial toolbox Offensive rus

https://github.com/horizon3ai/CVE-2022-28219

PoC for ManageEngine ADAudit Plus CVE-2022-28219

CVE-2022-28219 POC for CVE-2022-28219 affecting ManageEngine ADAudit Plus builds < 7060 Technical Analysis More details on our blog: wwwhorizon3ai/red-team-blog-cve-2022-28219 Usage % python3 CVE-2022-28219py -h usage: CVE-2022-28219py [-h] -t TARGET -l LHOST -d DOMAIN [-lhp HTTP_PORT] [-lfp FTP_PORT] [-f FILE] [-c COMMAND] [-u USER] optional arguments: -h

https://github.com/A0RX/Redblueteamparty

A collection of red blue team staff

red blue team party 🎉🏴‍☠️ - Redteam🗡 Go to blueteam🛡️ • Tools Linkedlnt Spoofcheck Pagodo wintnessMe Linkedin2username Recong-ng Cloud_enum Buster S3Scanner Gitleaks Rustscan Amass AzureWorkahop Nicoff eagle-rs Search engines Gpu poisoning Cutter Stormspotter Hack tools s3sec Function stomping AZURE red team WinAPI Adversarial toolbox Offensive rus

References

CWE-611https://manageengine.comhttps://www.manageengine.com/products/active-directory-audit/cve-2022-28219.htmlhttps://www.horizon3.ai/red-team-blog-cve-2022-28219/http://cewolf.sourceforge.net/new/index.htmlhttp://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.htmlhttps://nvd.nist.govhttps://github.com/rbowes-r7/manageengine-auditad-cve-2022-28219https://github.com/aeifkz/CVE-2022-28219-Likehttps://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook