Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory was later published, summarising the affected products and remediation.
This vulnerability affects several credential management products including ManageEngine PAM360, ManageEngine Access Manager Plus, and ManageEngine Password Manager Pro. In the release notes for the affected products, Zoho indicated that, when exploited, the vulnerabilities can allow any user to access the backend database.
Credential management software has proven to be an attractive target for threat actors, particularly in the case of ransomware and extortionware. The Cybersecurity & Infrastructure Security Agency (CISA) presently lists 6 ManageEngine vulnerabilities as being actively exploited. In September 2022, a vulnerability affecting the same products described in this bulletin was added to that list.
While Arctic Wolf is not aware of active exploitation of CVE-2022-47523 at this time, we are still strongly recommending that all organisations running the affected products upgrade to a fixed version as soon as possible.
Recommendations for CVE-2022-47523
Recommendation: Patch Vulnerable Versions of the PAM360, Access Manager Plus, and Password Manager Pro
Our primary recommendation is to install the latest updates for the following products, as described in Zoho’s advisory:
|Stable Version||Vulnerable Versions||Fixed Versions|
|Password Manager Pro||12200 and below||12210|
|PAM360||5800 and below||5801|
|Access Manager Plus||4308 and below||4309|