PT-2022-26655 · Zoho · Zoho Manageengine Admanager Plus

George Koumettou

Published

2022-11-18

Updated

2022-11-22

CVE-2022-42904

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADManager Plus versions through 7151

Description The issue allows authenticated admin users to execute commands in proxy settings.

Recommendations For Zoho ManageEngine ADManager Plus versions through 7151, consider restricting access to the proxy settings to minimize the risk of exploitation until a patch is available.

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2022-42904

Affected Products

Zoho Manageengine Admanager Plus

PT-2022-26655 · Zoho · Zoho Manageengine Admanager Plus

CVE-2022-42904

Weakness Enumeration

Related Identifiers

Affected Products

References · 5