module
ManageEngine ServiceDesk Plus Unauthenticated SAML RCE
| Disclosed |
|---|
| Jan 10, 2023 |
Disclosed
Jan 10, 2023
Description
This exploits an unauthenticated remote code execution vulnerability
that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and
below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the ServiceDesk Plus
SAML endpoint. Note that the target is only vulnerable if it has been
configured with SAML-based SSO at least once in the past, regardless of
the current SAML-based SSO status.
that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and
below (CVE-2022-47966). Due to a dependency to an outdated library
(Apache Santuario version 1.4.1), it is possible to execute arbitrary
code by providing a crafted `samlResponse` XML to the ServiceDesk Plus
SAML endpoint. Note that the target is only vulnerable if it has been
configured with SAML-based SSO at least once in the past, regardless of
the current SAML-based SSO status.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.