CVE-2022-28810 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

Vulnerability Name

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

Description

Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html

https://nvd.nist.gov/vuln/detail/CVE-2022-28810