The Cybersecurity and Infrastructure Security Agency (CISA) added a critical-severity Java deserialization vulnerability (CVE-2022-35405), which allows a threat actor to gain remote code execution, to its list of vulnerabilities being exploited in the wild. The vulnerability affects servers running unpatched Zoho ManageEngine PAM360, Password Manager Pro, or Access Manager Plus. PAM360 and Password Manager Pro can be exploited without any authentication, while Access Manager Plus requires authentication. The company released security patches for this vulnerability in July. Proof-of-concept exploit code and a Metasploit module targeting this vulnerability have been publicly available since August.