Zoho ManageEngine ADAudit Plus bug gets public RCE exploit


Security researchers have released technical information and proof-of-concept exploit code for CVE-2022-28219, a serious flaw in the Zoho ManageEngine ADAudit Plus product for tracking Active Directory activity.

A remote code execution vulnerability makes Active Directory accounts vulnerable to compromise by an unauthenticated attacker. After security researcher Naveen Sunkavally at Horizon3.ai alerted the firm to the problem, Zoho fixed it at the end of March with ADAudit Plus build 7060. Read More…