CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
99.8%
p100
KEV
SÍ
23 ene 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
99.8%EPSS · 30 días99.8%
2026-06-302026-07-16
Producto
Zoho / ManageEngine
Vulnerabilidad
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Añadido a KEV
23 ene 2023
Remediar antes de
13 feb 2023
Uso conocido en ransomware
Sí
Descripción resumida
Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.
Acción requerida
Apply updates per vendor instructions.
Notas
https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html; https://nvd.nist.gov/vuln/detail/CVE-2022-47966
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2022-35405—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2021-40539—99.9%
KEV—80Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability—CVE-2022-28810—99.3%
KEV—80Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability—CVE-2019-8394—99.1%
KEV—80Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability—