CVE-2022-28219
Vexday Risk Score
40 (Attention)
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS: — · EPSS: 97.0% · KEV: no · PoC: — · Nuclei: yes · Metasploit: yes · Patch: —
Lifecycle
05 Apr 2022: Published on NVD
29 Jun 2022: Metasploit module available
Recommendation: Plan a near-term fix — a public PoC already exists.
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Affected products
n/a · n/a
References
http://cewolf.sourceforge.net/new/index.html
http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html
https://manageengine.com
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html