CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
99.8%
p100
KEV
YES
Jan 23, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
99.8%EPSS · 30 days99.8%
2026-06-302026-07-16
Product
Zoho / ManageEngine
Vulnerability
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Added to KEV
Jan 23, 2023
Remediate by
Feb 13, 2023
Known ransomware use
Yes
Summary description
Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
Required action
Apply updates per vendor instructions.
Notes
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html; https://nvd.nist.gov/vuln/detail/CVE-2022-47966
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2021-40539—99.9%
KEV—80Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability—CVE-2022-28810—99.3%
KEV—80Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability—CVE-2019-8394—99.1%
KEV—80Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability—