Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products
23-Feb-23
From January 20, 2023, numerous threat actors have been seen opportunistically exploiting a severe security flaw that currently affects several Zoho ManageEngine products and has been patched. The remote code execution bug, which has been assigned the tracking number CVE-2022-47966 (CVSS score: 9.8), enables unauthenticated attackers to completely take control of the vulnerable systems.
As many as 24 separate products, including Remote Access Plus, Password Manager Pro, ADManager Plus, ADSelfService Plus, and Access Manager Plus are impacted by the problem.
