Arctic Wolf Security Bulletin

CVE-2022-28219: Trivial PoC Exploit Could Lead to Unauthenticated RCE in ManageEngine ADAudit Plus

Find Arctic Wolf’s recommendations for CVE-2022-28219.

On Wednesday, June 29, 2022, Horizon3.ai published a proof-of-concept (PoC) exploit that targets CVE-2022-28219, a critical attack chain that includes unauthenticated XML External Entities (XXE), Java deserialization, and path traversal vulnerabilities that could lead to remote code execution (RCE) if successfully chained together. CVE-2022-28219 impacts Zoho’s ManageEngine ADAudit Plus builds prior to 7060.

ManageEngine patched CVE-2022-28219 on March 30, 2022. Since the initial security advisory was published, active exploitation of CVE-2022-28219 has not been observed. Now, Horizon3.ai has published a detailed write-up and a trivial PoC exploit.

Impacted Products

Product: ManageEngine ADAudit Plus
  • Affected Builds: All ADAudit Plus builds below 7060
  • Fixed Builds: Build 7060 and above

Recommendation: Apply the Available Updates from ManageEngine

We recommend upgrading to the latest version of ADAudit Plus, currently build 7063 (released in June 2022), via the appropriate service pack.

ADAudit Plus Service Packs: https://www.manageengine.com/products/active-directory-audit/service-pack.html

Note: Arctic Wolf recommends following change management best practices for testing the workaround in a dev environment before deploying to production systems.
