ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central
Tags
| attack-pattern: | Data Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | a43a809d-8902-4718-98ba-108e3dfec801 |
| Fingerprint | fbbd1f99ab02d6e5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 20, 2022, 2 p.m. |
| Added to db | Jan. 18, 2023, 10:28 p.m. |
| Last updated | Nov. 17, 2024, 12:58 p.m. |
| Headline | ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central |
| Title | ZohOwned :: A Critical Authentication Bypass on Zoho ManageEngine Desktop Central |
| Detected Hints/Tags/Attributes | 34/1/12 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 13 | cve-2021-44515 |
|
| Details | CVE | 24 | cve-2020-10189 |
|
| Details | CVE | 1 | cve-2022-23863 |
|
| Details | Domain | 3 | iterator.next |
|
| Details | Domain | 1 | ite.next |
|
| Details | Domain | 14 | in.read |
|
| Details | File | 40 | web.xml |
|
| Details | File | 6 | logger.log |
|
| Details | File | 1 | state.key |
|
| Details | File | 30 | this.log |
|
| Details | File | 3 | ger.log |
|
| Details | File | 1 | param.opt |