URL: https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html
Submission: On February 28 via api from US — Scanned from DE

MANAGEENGINE SECURITY ADVISORIES


SECURITY ADVISORY FOR REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE
MANAGEENGINE PRODUCTS

Severity : Critical

CVE ID : CVE-2022-47966

Details :
This advisory addresses an unauthenticated remote code execution vulnerability
reported and patched in the following ManageEngine on-premises products. The
vulnerability stems from the use of an outdated third-party dependency, Apache
Santuario.
ManageEngine On-Demand/cloud products are not affected by this vulnerability.

Applicability :
This advisory is applicable only when SAML SSO is/was enabled in the
ManageEngine setup.

| Product Name | Impacted Version(s) | Fixed Version(s) | Released On |
|---|---|---|---|
| Access Manager Plus* | 4307 and below | 4308 | 7/11/2022 |
| Active Directory 360** | 4309 and below | 4310 | 28/10/2022 |
| ADAudit Plus** | 7080 and below | 7081 | 28/10/2022 |
| ADManager Plus** | 7161 and below | 7162 | 28/10/2022 |
| ADSelfService Plus** | 6210 and below | 6211 | 28/10/2022 |
| Analytics Plus* | 5140 and below | 5150 | 7/11/2022 |
| Application Control Plus* | 10.1.2220.17 and below | 10.1.2220.18 | 28/10/2022 |
| Asset Explorer** | 6982 and below | 6983 | 27/10/2022 |
| Browser Security Plus* | 11.1.2238.5 and below | 11.1.2238.6 | 28/10/2022 |
| Device Control Plus* | 10.1.2220.17 and below | 10.1.2220.18 | 28/10/2022 |
| Endpoint Central* | 10.1.2228.10 and below | 10.1.2228.11 | 28/10/2022 |
| Endpoint Central MSP* | 10.1.2228.10 and below | 10.1.2228.11 | 28/10/2022 |
| Endpoint DLP* | 10.1.2137.5 and below | 10.1.2137.6 | 28/10/2022 |
| Key Manager Plus* | 6400 and below | 6401 | 27/10/2022 |
| OS Deployer* | 1.1.2243.0 and below | 1.1.2243.1 | 28/10/2022 |
| PAM 360* | 5712 and below | 5713 | 7/11/2022 |
| Password Manager Pro* | 12123 and below | 12124 | 7/11/2022 |
| Patch Manager Plus* | 10.1.2220.17 and below | 10.1.2220.18 | 28/10/2022 |
| Remote Access Plus* | 10.1.2228.10 and below | 10.1.2228.11 | 28/10/2022 |
| Remote Monitoring and Management (RMM)* | 10.1.40 and below | 10.1.41 | 29/10/2022 |
| ServiceDesk Plus** | 14003 and below | 14004 | 27/10/2022 |
| ServiceDesk Plus MSP** | 13000 and below | 13001 | 27/10/2022 |
| SupportCenter Plus** | 11017 to 11025 | 11026 | 28/10/2022 |
| Vulnerability Manager Plus* | 10.1.2220.17 and below | 10.1.2220.18 | 28/10/2022 |

* - Applicable only if SAML-based SSO is configured and currently active.

** - Applicable only if SAML-based SSO has been configured at least once in the
past, regardless of the current SAML-based SSO status.

Impact:

This vulnerability allows an unauthenticated adversary to execute arbitrary code
when the above SAML SSO criteria are met.

Fix:

This issue has been fixed by updating the third-party module to the recent
version.

Acknowledgements:

This vulnerability was reported by Khoadha of Viettel Cyber Security through our
Bug Bounty program.

Please contact our product support or security@manageengine.com if you need any
further assistance.
