ManageEngine.ADAudit.Plus.CVE-2022-28219.XXE
Description
This indicates an attack attempt against an Information Disclosure vulnerability in Zoho ManageEngine ADAudit Plus.
The vulnerabilities is due to an error in the application when handling a crafted XML file. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted XML file.
Affected Products
Zoho ManageEngine ADAudit Plus before 7060
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2023-08-07 | 25.615 | Name:Zoho. ManageEngine. ADAudit. Plus. XML. External. Entity. Injection:ManageEngine. ADAudit. Plus. CVE-2022-28219. XXE |
2022-08-16 | 21.375 | Sig Added |
2022-08-04 | 21.368 | Default_action:pass:drop |
2022-07-26 | 21.363 |