Zoho.ManageEngine.AMP.REST.API.Authentication.Bypass
Description
This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Zoho ManageEngine.
The vulnerability is due to lack of validation of user-supplied inputs. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted message to vulnerable server. Successful exploitation allows the attacker to access certain REST APIs that are not normally accessible.
Affected Products
Zoho ManageEngine Access Manager Plus before 4302
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.manageengine.com/privileged-session-management/release-notes.html
Version Updates
Date | Version | Detail |
---|---|---|
2022-06-30 | 0.00323 |