Zoho ManageEngine Applications Manager 13.5

Pentest.blog researcher Mehmet Ince recently discovered a remote code execution vulnerability and an SQL injection flaw in Zoho ManageEngine Applications Manager 13.5. According to Ince, Zoho plans to release a patch for these vulnerabilities within the next week. The NJCCIC recommends administrators of Zoho ManageEngine Applications Manager 13.5 review the Pentest.blog advisory and apply the patch when it is made available. Additionally, monitor network logs and intrusion detection systems for suspicious activity and limit external network access to systems running the affected software, specifically over TCP ports 9090 and 8443.