daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update CVE-2022-35405

patch-1
Vinicius 2022-09-06 00:26:42 -03:00
parent b476bcbed3
commit f47a76c3b9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cves/2022/CVE-2022-35405.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-35405
info:
name: Zoho ManageEngine Password Manager Pro - Unauthenticated Remote Command Execution
name: Zoho ManageEngine Password Manager Pro and PAM 360 - Unauthenticated Remote Command Execution
author: true13
severity: critical
description: |
This is a de-serialization vulnerability that causes unauthenticated RCE in XML-RPC of Zoho Manage Engine Password Manager Pro.
This is a de-serialization vulnerability that causes unauthenticated RCE in XML-RPC of Zoho Manage Engine Password Manager Pro, PAM360 and Access Manager Plus (Authenticated).
reference:
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb
- https://xz.aliyun.com/t/11578