9.8
CVE-2022-28219
- EPSS 93.97%
- Published 05.04.2022 19:15:08
- Last modified 21.11.2024 06:56:58
- Source cve@mitre.org
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Adaudit Plus Version <= 6.0
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7000
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7002
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7003
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7004
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7005
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7006
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7007
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7008
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7050
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7051
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7052
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7053
Zohocorp ≫ Manageengine Adaudit Plus Version 7.0 Update 7054
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 93.97% | 0.999 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.