Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus prior to 4308, Active Directory 360 prior to 4310, ADAudit Plus prior to 7081, ADManager Plus prior to 7162, ADSelfService Plus prior to 6211, Analytics Plus prior to 5150, Application Control Plus prior to 10.1.2220.18, Asset Explorer prior to 6983, Browser Security Plus prior to 11.1.2238.6, Device Control Plus prior to 10.1.2220.18, Endpoint Central prior to 10.1.2228.11, Endpoint Central MSP prior to 10.1.2228.11, Endpoint DLP prior to 10.1.2137.6, Key Manager Plus prior to 6401, OS Deployer prior to 1.1.2243.1, PAM 360 prior to 5713, Password Manager Pro prior to 12124, Patch Manager Plus prior to 10.1.2220.18, Remote Access Plus prior to 10.1.2228.11, Remote Monitoring and Management (RMM) prior to 10.1.41. ServiceDesk Plus prior to 14004, ServiceDesk Plus MSP prior to 13001, SupportCenter Plus prior to 11026, and Vulnerability Manager Plus prior to 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zohocorp manageengine access manager plus 4.3 |
||
zohocorp manageengine access manager plus |
||
zohocorp manageengine ad360 |
||
zohocorp manageengine ad360 4.3 |
||
zohocorp manageengine adaudit plus 7.0 |
||
zohocorp manageengine adaudit plus |
||
zohocorp manageengine admanager plus 7.1 |
||
zohocorp manageengine admanager plus |
||
zohocorp manageengine adselfservice plus 6.2 |
||
zohocorp manageengine adselfservice plus |
||
zohocorp manageengine analytics plus |
||
zohocorp manageengine analytics plus 5.1 |
||
zohocorp manageengine assetexplorer 6.9 |
||
zohocorp manageengine assetexplorer |
||
zohocorp manageengine key manager plus |
||
zohocorp manageengine key manager plus 6.4 |
||
zohocorp manageengine pam360 5.7 |
||
zohocorp manageengine pam360 |
||
zohocorp manageengine password manager pro |
||
zohocorp manageengine password manager pro 12.1 |
||
zohocorp manageengine servicedesk plus |
||
zohocorp manageengine servicedesk plus 14.0 |
||
zohocorp manageengine servicedesk plus msp |
||
zohocorp manageengine servicedesk plus msp 13.0 |
||
zohocorp manageengine supportcenter plus 11.0 |
||
zohocorp application control plus |
||
zohocorp manageengine browser security plus |
||
zohocorp manageengine device control plus |
||
zohocorp manageengine desktop central |
||
zohocorp manageengine endpoint dlp plus |
||
zohocorp manageengine os deployer |
||
zohocorp manageengine patch manager plus |
||
zohocorp manageengine remote access plus |
||
zohocorp manageengine vulnerability manager plus |
||
zohocorp manageengine rmm central |
Available evidence suggests vulnerability exploitation has replaced botnets as a prime infection vector.
Posted: 12 Mar, 20244 Min ReadThreat Intelligence SubscribeFollowtwitterlinkedinRansomware: Attacks Continue to Rise as Operators Adapt to DisruptionAvailable evidence suggests vulnerability exploitation has replaced botnets as a prime infection vector.Ransomware activity remains on an upward trend despite the number of attacks claimed by ransomware actors decreasing by slightly more than 20% in the fourth quarter of 2023. Attackers have co...