module
Zoho Password Manager Pro XML-RPC Java Deserialization
| Disclosed |
|---|
| Jun 24, 2022 |
Disclosed
Jun 24, 2022
Description
This module exploits a Java deserialization vulnerability in Zoho ManageEngine Pro
before 12101 and PAM360 before 5510. Unauthenticated attackers can send a
crafted XML-RPC request containing malicious serialized data to /xmlrpc to
gain RCE as the SYSTEM user.
before 12101 and PAM360 before 5510. Unauthenticated attackers can send a
crafted XML-RPC request containing malicious serialized data to /xmlrpc to
gain RCE as the SYSTEM user.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.