Zoho urges admins to patch severe ManageEngine bug immediately


Customers of business software supplier Zoho are being asked to patch a high-severity security hole impacting numerous ManageEngine products. A successful exploitation gives authorised attackers access to the backend database and enables them to run custom queries to obtain database table entries.

The company’s Password Manager Pro secure vault, PAM360 privileged access management programme, and Access Manager Plus privileged session management solution all include the flaw, identified as CVE-2022-47523, a SQL injection vulnerability.

Read More…