Top

Keyloggers, spyware, and stealers dominate SMB malware detections

SBF likely off the hook for misplaced FTX funds after cops bust SIM swap ring

Carbanak malware returned in ransomware attacks

Read the clouds, reduce the cyber risk

Maximizing cybersecurity on a budget

image credit: Unsplash

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

September 23, 2022

Via: Help Net Security

Category:

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog.

The details of in-the-wild exploitation of the flaw aren’t available – though, according to data collected by Greynoise, exploitation attempts don’t seem widespread.

About CVE-2022-35405

CVE-2022-35405 is a remote code execution vulnerability that can be exploited to execute arbitrary code on affected installations of Password Manager Pro and PAM360 without prior authentication, and on Access Manager Plus with prior authentication.

Read More on Help Net Security

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

Latest Publications

AI set to play key role in future phishing attacks

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

5 Hard Truths About the State of Cloud Security 2024

Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

Previous Article

Next Article

RELATED PUBLICATIONS

Trending

Tags

Latest Publications

AI set to play key role in future phishing attacks

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

5 Hard Truths About the State of Cloud Security 2024