PT-2022-3394 · Zoho · Zoho ManageEngine ADAudit Plus

Naveen Sunkavally · Published 2022-04-05 · Updated 2025-05-21 · CVE-2022-28219

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions prior to 7060
Description: The issue lies in the cewolf component of Zoho ManageEngine ADAudit Plus, which is vulnerable to an unauthenticated XXE attack because it does not correctly restrict XML external entity references. A remote attacker can use this to conduct XXE attacks that lead to Remote Code Execution. The vulnerability is exploitable through the /cewolf endpoint, which is affected by both path traversal and blind XML external entity injection, allowing an attacker to upload and execute files.
Recommendations: For Zoho ManageEngine ADAudit Plus versions prior to 7060, update to version 7060 or later to resolve the issue. As a temporary workaround, restrict access to the /cewolf endpoint until the patch is applied, and avoid using the cewolf component until the issue is resolved.
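The workaround above, restricting access to the /cewolf endpoint, is only as good as the visibility a defender has into who is reaching that endpoint. The following added example (not part of this advisory, and not Zoho's or the researcher's code) scans web-server access logs in the common "combined" format in front of an ADAudit Plus host and flags two things: /cewolf requests from a source outside an allowlisted management network, and /cewolf requests whose decoded target contains a directory-traversal sequence. The sample log lines, the 10.0.5.0/24 management network and the `img` query parameter are constructed for illustration and are not taken from the product.

```python
import ipaddress
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample lines in Apache/Tomcat "combined" access-log format.
# Addresses are documentation/private ranges; the "img" parameter is an
# assumed name, not the real cewolf parameter.
SAMPLE_LOG = """\
10.0.5.12 - - [05/Apr/2022:10:01:07 +0000] "GET /cewolf/?img=/chart1.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [05/Apr/2022:10:02:19 +0000] "GET /cewolf/?img=/chart1.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Apr/2022:10:02:44 +0000] "GET /cewolf/?img=..%2F..%2Fexample HTTP/1.1" 200 311 "-" "curl/7.79.1"
10.0.5.12 - - [05/Apr/2022:10:03:02 +0000] "GET /cewolf/?img=../../example HTTP/1.1" 200 311 "-" "python-requests/2.27"
10.0.5.12 - - [05/Apr/2022:10:04:55 +0000] "GET /api/json/login HTTP/1.1" 200 88 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Heuristic: a ".." path component followed by a separator or the end of the target.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def normalize_target(target: str) -> str:
    """URL-decode the request target twice (to catch double encoding)
    and fold backslashes into forward slashes before inspection."""
    decoded = unquote(unquote(target))
    return decoded.replace("\\", "/")


def is_cewolf_request(target: str) -> bool:
    """True if the request path (query string stripped) is the /cewolf endpoint."""
    path = normalize_target(target).split("?", 1)[0]
    return path == "/cewolf" or path.startswith("/cewolf/")


def has_traversal(target: str) -> bool:
    """True if the decoded path or query carries a directory-traversal sequence."""
    return TRAVERSAL_RE.search(normalize_target(target)) is not None


def analyze(log_text: str, allowed_networks: List[str]) -> List[Dict]:
    """Return one finding per /cewolf request that violates the access
    restriction or carries a traversal sequence; other lines are ignored."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = m.group("target")
        if not is_cewolf_request(target):
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        reasons = []
        if not any(ip in net for net in nets):
            reasons.append("unallowlisted_source")
        if has_traversal(target):
            reasons.append("path_traversal")
        if reasons:
            findings.append({"ip": str(ip), "target": target,
                             "time": m.group("ts"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Assumed: only the 10.0.5.0/24 management network may reach /cewolf.
    for finding in analyze(SAMPLE_LOG, ["10.0.5.0/24"]):
        print(f"{finding['time']} {finding['ip']} {finding['target']} -> {', '.join(finding['reasons'])}")
```

Run against real logs by feeding the file contents to `analyze()` with the networks that are actually permitted to reach the endpoint; a non-empty result for the "unallowlisted_source" reason is also a direct test that the proxy or firewall rule implementing the workaround is in place.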

Exploit · Fix · RCE · XXE

Weakness Enumeration

Related Identifiers

BDU:2022-04166
CVE-2022-28219

Affected Products

Zoho ManageEngine ADAudit Plus