Vulnerability-Lookup

CVE-2022-28219 (GCVE-0-2022-28219)

Vulnerability from cvelistv5 – Published: 2022-04-05 18:32 – Updated: 2024-08-03 05:48

KEVintel KEV

Summary

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

5 references

URL	Tags
https://manageengine.com	x_refsource_MISC
https://www.manageengine.com/products/active-dire…	x_refsource_CONFIRM
https://www.horizon3.ai/red-team-blog-cve-2022-28219/	x_refsource_MISC
http://cewolf.sourceforge.net/new/index.html	x_refsource_MISC
http://packetstormsecurity.com/files/167997/Manag…	x_refsource_MISC

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 8432d71b-6ff2-4be0-be74-836fb88ed24c

Vulnerability ID: CVE-2022-28219

Status: Confirmed

Status Updated: 2025-08-04 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2025-08-04

Asserted: 2025-08-04

Scope

Notes: KEVIntel entry: Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | Affected: Zoho / ManageEngine ADAudit Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
Vendor	Zoho
Product	ManageEngine ADAudit Plus
Added Date	2025-08-04T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	True

References

Created: 2026-06-19 12:45 UTC | Updated: 2026-06-19 12:45 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://manageengine.com"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cewolf.sourceforge.net/new/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-08T18:06:16.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://manageengine.com"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cewolf.sourceforge.net/new/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://manageengine.com",
              "refsource": "MISC",
              "url": "https://manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
              "refsource": "CONFIRM",
              "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
            },
            {
              "name": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/",
              "refsource": "MISC",
              "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
            },
            {
              "name": "http://cewolf.sourceforge.net/new/index.html",
              "refsource": "MISC",
              "url": "http://cewolf.sourceforge.net/new/index.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28219",
    "datePublished": "2022-04-05T18:32:21.000Z",
    "dateReserved": "2022-03-30T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:48:37.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-28219",
      "date": "2026-06-21",
      "epss": "0.96907",
      "percentile": "0.99882"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0\", \"matchCriteriaId\": \"9CA0AE32-C300-46C3-9C2F-0B6F855FE42A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*\", \"matchCriteriaId\": \"16BADE82-3652-4074-BDFF-828B7213CAF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*\", \"matchCriteriaId\": \"01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFA4FC59-CC4F-4F21-9AE9-3F526C91411C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*\", \"matchCriteriaId\": \"26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*\", \"matchCriteriaId\": \"97EA9324-9377-46E1-A0EA-637128E65DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA5BE36E-A73A-4D1C-8185-9692373F1444\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*\", \"matchCriteriaId\": \"F505C783-09DE-4045-9DB4-DD850B449A48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*\", \"matchCriteriaId\": \"212BF664-02DE-457F-91A6-6F824ECC963B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*\", \"matchCriteriaId\": \"D102B74F-6762-4EFE-BAF7-A7D416867D9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.\"}, {\"lang\": \"es\", \"value\": \"Cewolf en Zoho ManageEngine ADAudit Plus antes de 7060 es vulnerable a un ataque XXE no autenticado que conduce a la ejecuci\\u00f3n remota de c\\u00f3digo\"}]",
      "id": "CVE-2022-28219",
      "lastModified": "2024-11-21T06:56:58.413",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-04-05T19:15:08.360",
      "references": "[{\"url\": \"http://cewolf.sourceforge.net/new/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://manageengine.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.horizon3.ai/red-team-blog-cve-2022-28219/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://cewolf.sourceforge.net/new/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://manageengine.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.horizon3.ai/red-team-blog-cve-2022-28219/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28219\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-05T19:15:08.360\",\"lastModified\":\"2024-11-21T06:56:58.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.\"},{\"lang\":\"es\",\"value\":\"Cewolf en Zoho ManageEngine ADAudit Plus antes de 7060 es vulnerable a un ataque XXE no autenticado que conduce a la ejecuci\u00f3n remota de c\u00f3digo\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"9CA0AE32-C300-46C3-9C2F-0B6F855FE42A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*\",\"matchCriteriaId\":\"16BADE82-3652-4074-BDFF-828B7213CAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*\",\"matchCriteriaId\":\"01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFA4FC59-CC4F-4F21-9AE9-3F526C91411C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*\",\"matchCriteriaId\":\"97EA9324-9377-46E1-A0EA-637128E65DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA5BE36E-A73A-4D1C-8185-9692373F1444\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*\",\"matchCriteriaId\":\"F505C783-09DE-4045-9DB4-DD850B449A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*\",\"matchCriteriaId\":\"212BF664-02DE-457F-91A6-6F824ECC963B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*\",\"matchCriteriaId\":\"D102B74F-6762-4EFE-BAF7-A7D416867D9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A\"}]}]}],\"references\":[{\"url\":\"http://cewolf.sourceforge.net/new/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://manageengine.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.horizon3.ai/red-team-blog-cve-2022-28219/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://cewolf.sourceforge.net/new/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://manageengine.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.horizon3.ai/red-team-blog-cve-2022-28219/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

BDU:2022-04166

Vulnerability from fstec - Published: 05.04.2022

Title

Уязвимость компонента cewolf программного средства управления и отчетности Windows Active Directory (AD) Zoho ManageEngine ADAudit Plus, позволяющая нарушителю проводить XXE-атаки

Description

Уязвимость компонента cewolf программного средства управления и отчетности Windows Active Directory (AD) Zoho ManageEngine ADAudit Plus связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить XXE-атаки

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ZOHO Corp.

Software Name

Zoho ManageEngine ADAudit Plus

Software Version

до 7060 (Zoho ManageEngine ADAudit Plus)

Possible Mitigations

Использование рекомендаций производителя: https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html

Reference

http://cewolf.sourceforge.net/new/index.html https://manageengine.com https://www.horizon3.ai/red-team-blog-cve-2022-28219/ https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html

CWE

CWE-611

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ZOHO Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 7060 (Zoho ManageEngine ADAudit Plus)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.07.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04166",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-28219",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Zoho ManageEngine ADAudit Plus",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 cewolf \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043e\u0442\u0447\u0435\u0442\u043d\u043e\u0441\u0442\u0438 Windows Active Directory (AD) Zoho ManageEngine ADAudit Plus, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b (CWE-611)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 cewolf \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u043e\u0442\u0447\u0435\u0442\u043d\u043e\u0441\u0442\u0438 Windows Active Directory (AD) Zoho ManageEngine ADAudit Plus \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c XML-\u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c XXE-\u0430\u0442\u0430\u043a\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cewolf.sourceforge.net/new/index.html\nhttps://manageengine.com\nhttps://www.horizon3.ai/red-team-blog-cve-2022-28219/\nhttps://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html\nhttp://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-611",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2022-29866

Vulnerability from cnvd - Published: 2022-04-18

Title

Zoho ManageEngine ADAudit Plus远程代码执行漏洞

Description

Zoho ManageEngine Adaudit Plus是美国Zoho Corporation公司的用于简化审计、证明合规性和检测威胁。 Zoho ManageEngine ADAudit Plus7060之前版本存在远程代码执行漏洞，未经身份验证的攻击者可利用该漏洞进行远程代码执行。

Severity

高

Patch Name

Zoho ManageEngine ADAudit Plus远程代码执行漏洞的补丁

Patch Description

Zoho ManageEngine Adaudit Plus是美国Zoho Corporation公司的用于简化审计、证明合规性和检测威胁。 Zoho ManageEngine ADAudit Plus7060之前版本存在远程代码执行漏洞，未经身份验证的攻击者可利用该漏洞进行远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html

Reference

https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html

Impacted products

Name
Zoho ManageEngine ADAudit Plus <7060

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-28219"
    }
  },
  "description": "Zoho ManageEngine Adaudit Plus\u662f\u7f8e\u56fdZoho Corporation\u516c\u53f8\u7684\u7528\u4e8e\u7b80\u5316\u5ba1\u8ba1\u3001\u8bc1\u660e\u5408\u89c4\u6027\u548c\u68c0\u6d4b\u5a01\u80c1\u3002\n\nZoho ManageEngine ADAudit Plus7060\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-29866",
  "openTime": "2022-04-18",
  "patchDescription": "Zoho ManageEngine Adaudit Plus\u662f\u7f8e\u56fdZoho Corporation\u516c\u53f8\u7684\u7528\u4e8e\u7b80\u5316\u5ba1\u8ba1\u3001\u8bc1\u660e\u5408\u89c4\u6027\u548c\u68c0\u6d4b\u5a01\u80c1\u3002\r\n\r\nZoho ManageEngine ADAudit Plus7060\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Zoho ManageEngine ADAudit Plus\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Zoho ManageEngine ADAudit Plus \u003c7060"
  },
  "referenceLink": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
  "serverity": "\u9ad8",
  "submitTime": "2022-04-07",
  "title": "Zoho ManageEngine ADAudit Plus\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2022-28219

Vulnerability from fkie_nvd - Published: 2022-04-05 19:15 - Updated: 2026-06-17 04:38

KEVintel KEV

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

References

URL	Tags
cve@mitre.org	http://cewolf.sourceforge.net/new/index.html	Product, Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://manageengine.com	Vendor Advisory
cve@mitre.org	https://www.horizon3.ai/red-team-blog-cve-2022-28219/	Exploit, Third Party Advisory
cve@mitre.org	https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://cewolf.sourceforge.net/new/index.html	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://manageengine.com	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.horizon3.ai/red-team-blog-cve-2022-28219/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
zohocorp	manageengine_adaudit_plus	*
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0
zohocorp	manageengine_adaudit_plus	7.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA0AE32-C300-46C3-9C2F-0B6F855FE42A",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
              "matchCriteriaId": "16BADE82-3652-4074-BDFF-828B7213CAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
              "matchCriteriaId": "01E9CAE9-4B45-4E7A-BE78-6E7E9A3A04E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
              "matchCriteriaId": "CFA4FC59-CC4F-4F21-9AE9-3F526C91411C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
              "matchCriteriaId": "26A6F6D1-540C-43C5-96A7-0E36F3E0A4D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
              "matchCriteriaId": "97EA9324-9377-46E1-A0EA-637128E65DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
              "matchCriteriaId": "EA5BE36E-A73A-4D1C-8185-9692373F1444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
              "matchCriteriaId": "10F48951-44A1-42C1-AE2A-B2CDFFCAFDBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
              "matchCriteriaId": "F505C783-09DE-4045-9DB4-DD850B449A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
              "matchCriteriaId": "212BF664-02DE-457F-91A6-6F824ECC963B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
              "matchCriteriaId": "D102B74F-6762-4EFE-BAF7-A7D416867D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
              "matchCriteriaId": "FEDF5C01-41D8-45C0-8F0D-3A7FCB6DADEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
              "matchCriteriaId": "5D6ACBF5-25C6-403A-BCFA-66A90A8B4E14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
              "matchCriteriaId": "CF50DCAC-33E1-4FE2-BF3C-C6A17CC8E48A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution."
    },
    {
      "lang": "es",
      "value": "Cewolf en Zoho ManageEngine ADAudit Plus antes de 7060 es vulnerable a un ataque XXE no autenticado que conduce a la ejecuci\u00f3n remota de c\u00f3digo"
    }
  ],
  "id": "CVE-2022-28219",
  "lastModified": "2026-06-17T04:38:10.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-05T19:15:08.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "http://cewolf.sourceforge.net/new/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "http://cewolf.sourceforge.net/new/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://manageengine.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CGV8-9R56-PQQH

Vulnerability from github – Published: 2022-04-06 00:01 – Updated: 2022-04-13 00:00

Details

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-28219"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-05T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.",
  "id": "GHSA-cgv8-9r56-pqqh",
  "modified": "2022-04-13T00:00:42Z",
  "published": "2022-04-06T00:01:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28219"
    },
    {
      "type": "WEB",
      "url": "https://manageengine.com"
    },
    {
      "type": "WEB",
      "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219"
    },
    {
      "type": "WEB",
      "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
    },
    {
      "type": "WEB",
      "url": "http://cewolf.sourceforge.net/new/index.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-28219

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.

Aliases

CVE-2022-28219

Aliases

CVE-2022-28219

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-28219",
    "description": "Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.",
    "id": "GSD-2022-28219"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-28219"
      ],
      "details": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.",
      "id": "GSD-2022-28219",
      "modified": "2023-12-13T01:19:34.797120Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-28219",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://manageengine.com",
            "refsource": "MISC",
            "url": "https://manageengine.com"
          },
          {
            "name": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
            "refsource": "CONFIRM",
            "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
          },
          {
            "name": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/",
            "refsource": "MISC",
            "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
          },
          {
            "name": "http://cewolf.sourceforge.net/new/index.html",
            "refsource": "MISC",
            "url": "http://cewolf.sourceforge.net/new/index.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7008:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7050:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7051:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7052:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7053:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7054:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28219"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://manageengine.com",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://manageengine.com"
            },
            {
              "name": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.manageengine.com/products/active-directory-audit/cve-2022-28219.html"
            },
            {
              "name": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.horizon3.ai/red-team-blog-cve-2022-28219/"
            },
            {
              "name": "http://cewolf.sourceforge.net/new/index.html",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "http://cewolf.sourceforge.net/new/index.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/167997/ManageEngine-ADAudit-Plus-Path-Traversal-XML-Injection.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-26T02:30Z",
      "publishedDate": "2022-04-05T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-28219 (GCVE-0-2022-28219)

KEVintel KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

BDU:2022-04166

CNVD-2022-29866

FKIE_CVE-2022-28219

GHSA-CGV8-9R56-PQQH

GSD-2022-28219

Tags

Sightings

Nomenclature