Zoho ManageEngine Applications Manager 13.5
NJCCIC Alert
Original Release Date: 2018-03-16
Pentest.blog researcher Mehmet Ince recently discovered a remote code execution vulnerability and an SQL injection flaw in Zoho ManageEngine Applications Manager 13.5. According to Ince, Zoho plans to release a patch for these vulnerabilities within the next week.
The NJCCIC recommends administrators of Zoho ManageEngine Applications Manager 13.5 review the Pentest.blog advisory and apply the patch when it is made available. Additionally, monitor network logs and intrusion detection systems for suspicious activity and limit external network access to systems running the affected software, specifically over TCP ports 9090 and 8443.
Featured Content
- Pulse Connect Secure Vulnerabilities Are Actively Being Exploited>
- Phishing Campaigns Attempt to Steal Credentials for Cloud Services>
- Geico Hack Impacts Residents in 8 States>
- SonicWall Email Security Vulnerabilities Are Actively Being Exploited>
- New Critical Vulnerabilities in On-Premises Microsoft Exchange Servers>
- Threat Actors Abuse Contact Forms in Recent Malware Campaigns>
- Google Chrome Vulnerabilities Exploited in the Wild – Patch Now>
- Increase in Ransomware Attacks Targeting Education Sector>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.