Incoming 'spray and pray' attacks
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-manageengine-rce-bug-patch-now/
Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
This pre-authentication RCE flaw is tracked as CVE-2022-47966 and stems from using an outdated and vulnerable version of the Apache Santuario library.
Incoming 'spray and pray' attacks
Jan 19, 2023, 5:28pm UTC
https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-manageengine-rce-bug-patch-now/
> Proof-of-concept exploit code is now available for a remote code execution (RCE) vulnerability in multiple Zoho ManageEngine products.
> This pre-authentication RCE flaw is tracked as CVE-2022-47966 and stems from using an outdated and vulnerable version of the Apache Santuario library.