{"uuid": "697cf02e-0ce0-4eb9-83b2-da45de2fa994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47966", "type": "exploited", "source": "https://t.me/theninjaway1337/1178", "content": "CVE-2022-47966: Rapid7 Observed Exploitation of Critical ManageEngine Vulnerability\n\nRapid7 is responding to various compromises arising from the exploitation of\u00a0CVE-2022-47966, a pre-authentication remote code execution (RCE) vulnerability impacting at least 24 on-premise ManageEngine products. CVE-2022-47966 stems from a vulnerable third-party dependency on Apache Santuario.\nSeveral of the affected products are extremely popular with organizations and attackers, including ADSelfService Plus and ServiceDesk Plus. Patches were released in October and November of 2022; the exact timing of fixed version releases varies by product.\nOrganizations using any of the affected products listed in ManageEngine\u2019s advisory should update immediately and review unpatched systems for signs of compromise, as exploit code is publicly available and exploitation has already begun.\n\nhttps://www.rapid7.com/blog/post/2023/01/19/etr-cve-2022-47966-rapid7-observed-exploitation-of-critical-manageengine-vulnerability/", "creation_timestamp": "2023-01-20T13:53:23.000000Z"}