Incoming "spray and pray" attacks
https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-manageengine-rce-bug-patch-now/
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.
Incoming "spray and pray" attacks
Jan 18, 2023, 12:35am UTC
https://www.bleepingcomputer.com/news/security/researchers-to-release-poc-exploit-for-critical-manageengine-rce-bug-patch-now/
> Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several Zoho ManageEngine products.
> Tracked as CVE-2022-47966, this pre-auth RCE security flaw is due to using an outdated and vulnerable third-party dependency, Apache Santuario.