Multiple Zoho ManageEngine OnPremise products use an outdated Apache Santuario (xmlsec) component which fails to properly validate XML signatures of SAML responses received during the authentication flow. By crafting a specific HTTP request containing a malicious XML payload and sending it to the vulnerable product Assertion Consumer (ACS) URL, an attacker could achieve a remote unauthenticated Remote Code Execution (RCE) on the target instance.

The ManageEngine ServiceDesk Plus MSP running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code.

This plugin requires that both the scanner and target machine have internet access.

A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus MSP prior to 13.0 Build 13001 due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The ManageEngine ServiceDesk Plus running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code.

This plugin requires that both the scanner and target machine have internet access.

The ManageEngine Access Manager Plus running on the remote host is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to execute arbitrary code.

A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 14.0 Build 14004 due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

ID	Name	Product	Family	Published	Updated	Severity
113550	Zoho ManageEngine SAML SSO Remote Code Execution	Web App Scanning	Component Vulnerability	2/8/2023	12/6/2023	critical
171285	ManageEngine ServiceDesk Plus MSP Unauthenticated RCE (CVE-2022-47966)	Nessus	CGI abuses	2/10/2023	11/12/2024	critical
176856	ManageEngine ServiceDesk Plus MSP < 13.0 Build 13001 RCE	Nessus	CGI abuses	6/7/2023	12/5/2023	critical
171078	ManageEngine ServiceDesk Plus Unauthenticated RCE (CVE-2022-47966)	Nessus	CGI abuses	2/7/2023	11/12/2024	critical
171707	ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)	Nessus	CGI abuses	2/21/2023	11/12/2024	critical
176861	ManageEngine ServiceDesk Plus < 14.0 Build 14004 RCE	Nessus	CGI abuses	6/7/2023	12/5/2023	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical