IT teams and MSPs can be affected by a critical ManageEngine security vulnerability
Zoho has urged its customers to patch a critical ManageEngine security vulnerability affecting multiple products.
The vulnerability, tracked as CVE-2022-47523, is an SQL injection bug in Password Manager Pro (the company's enterprise password vault), Access Manager Plus and the PAM360 privileged access management software.
Successful exploitation of this ManageEngine security vulnerability gives an attacker access to the product's backend database and lets them run queries against its tables, including the entries that hold stored credentials.
ManageEngine security vulnerability and the patch
ManageEngine's security advisory states: “We identified a SQL injection vulnerability (CVE-2022-47523) in our internal framework that would grant access to all [..] users to the backend database.
Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of PAM360, Password Manager Pro and Access Manager Plus immediately.”
ManageEngine fixed the issue last month by adding proper input validation. To update an installation, download the latest build for the affected product: PAM360, Password Manager Pro or Access Manager Plus.
Once downloaded, deploy the patch following the instructions on each product's update page.
Given the severity of the vulnerability, customers should move to the latest available build of PAM360, Access Manager Plus and Password Manager Pro as soon as possible.
Product Name | Affected Versions (build number) | Fixed Version (build number) | Fixed On (DD-MM-YYYY) |
Password Manager Pro | 12200 and below | 12210 | 30-12-2022 |
PAM360 | 5800 and below | 5801 | 28-12-2022 |
Access Manager Plus | 4308 and below | 4309 | 29-12-2022 |
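The advisory above describes the bug only as SQL injection fixed "with proper validation", so the following is an added illustration of that class of flaw, not ManageEngine's code: the vault table, its schema, the function names and the payloads are all constructed for the example. It runs against an in-memory SQLite database and shows how a query built by string concatenation lets a low-privileged user read every stored secret, and how the same query behaves once the input is bound as a parameter and checked against an allow-list.

```python
import sqlite3

# Constructed sample data standing in for a password vault's backend table.
# The schema is illustrative only; it is not ManageEngine's real one.
SAMPLE_ROWS = [
    ("alice", "db-prod", "alice-secret"),
    ("alice", "vpn", "alice-vpn-secret"),
    ("bob", "db-prod", "bob-secret"),
    ("carol", "backup-nas", "carol-secret"),
]


def make_db():
    """Create an in-memory vault table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vault (owner TEXT, resource TEXT, secret TEXT)")
    conn.executemany("INSERT INTO vault VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def list_resources_vulnerable(conn, owner, resource_filter):
    """Injectable pattern: user-controlled text is spliced into the SQL string,
    so a quote in resource_filter changes the query structure."""
    sql = ("SELECT resource, secret FROM vault WHERE owner = '" + owner +
           "' AND resource LIKE '" + resource_filter + "'")
    return conn.execute(sql).fetchall()


def list_resources_parameterized(conn, owner, resource_filter):
    """Bound parameters: the filter is passed as data, never parsed as SQL,
    so an injection payload simply matches no resource name."""
    sql = "SELECT resource, secret FROM vault WHERE owner = ? AND resource LIKE ?"
    return conn.execute(sql, (owner, resource_filter)).fetchall()


def list_resources_fixed(conn, owner, resource_filter):
    """Defense in depth: reject anything outside an allow-list of filter
    characters before it reaches the (already parameterized) query."""
    if not all(c.isalnum() or c in "-_%" for c in resource_filter):
        raise ValueError("rejected resource filter: %r" % resource_filter)
    return list_resources_parameterized(conn, owner, resource_filter)


def demo():
    """Run the three variants as user 'alice' with a legitimate filter and
    with a constructed injection payload; return what each variant exposes."""
    conn = make_db()
    payload = "%' OR '1'='1"  # closes the LIKE literal and ORs in every row

    legit_rows = list_resources_vulnerable(conn, "alice", "db-%")
    dumped_rows = list_resources_vulnerable(conn, "alice", payload)
    bound_rows = list_resources_parameterized(conn, "alice", payload)
    try:
        list_resources_fixed(conn, "alice", payload)
        rejected = False
    except ValueError:
        rejected = True
    # legitimate query returns alice's one matching row; the injected query
    # returns all four rows, including other users' secrets; the bound
    # query returns nothing; the validating version refuses the input.
    return len(legit_rows), len(dumped_rows), len(bound_rows), rejected


if __name__ == "__main__":
    print(demo())
```

The allow-list in `list_resources_fixed` is deliberately narrow; in a real product it would be tailored to the field. The point is that validation complements parameterization rather than replacing it: only the bound query guarantees that the filter can never alter the statement.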
Last year, CISA also warned of critical ManageEngine bugs being exploited in the wild for remote code execution on outdated Access Manager Plus, Password Manager Pro and PAM360 servers.
Why has ManageEngine been a sweet spot for threat actors?
ManageEngine ships a broad portfolio of IT management products that customers and partners deploy across many regions, which makes it an attractive target for modern cyberattacks. Each new ManageEngine vulnerability with a working exploit only makes the attackers' job easier.
Desktop Central (now Endpoint Central), ServiceDesk Plus and the products mentioned above have all been targeted through unpatched vulnerabilities in recent years.
The combination of widespread deployment and many internet-facing servers in a poor security state is the key reason attackers can so readily exploit ManageEngine products to breach a network and extract data. If patches are not applied in time, IT teams and MSPs can become victims of a major cyber incident.
In August and October last year, other threat actors imitated a technique of the APT27 hacking group to breach ManageEngine servers.