ManageEngine vulnerability posed code injection risk for password management software


UPDATED Some installations of ManageEngine’s password and access management tools may be vulnerable to an exploit that would let an attacker execute arbitrary code.

In 190 countries, 280,000 enterprises utilise ManageEngine’s enterprise IT management software, which includes software for service management, operations management, Active Directory, and security. The 2020 vulnerable version of Apache OFBiz exposes an unauthenticated XMLRPC interface since authentication is only used on a per-service basis. Read More…