Login
Get a Demo
Become a Partner
SOCRadar® Cyber Intelligence Inc. | All You Need To Know About the ManageEngine Vulnerability (CVE-2022-40300)
Table Of Content
Home

Resources

Blog
Kas 25, 2022
2 Mins Read

All You Need To Know About the ManageEngine Vulnerability (CVE-2022-40300)

What is the Vulnerability in ManageEngine (CVE-2022-40300)?

Recently, Zoho has patched a vulnerability tracked as CVE-2022-40300 in ManageEngine. The vulnerability affects a few products and could lead to SQL injection due to resource types being validated improperly in AutoLogonHelperUtil class. 

How Critical is the CVE-2022-40300 Vulnerability?

The vulnerability in ManageEngine is of critical severity, with a CVSS score of 9.8

Which Versions are Vulnerable?

Products

Versions

Password Manager Pro

From 12120 before 12121

PAM360

From 5550 before 5600

Access Manager Plus

From 4304 before 4305

How Does the CVE-2022-40300 Vulnerability Work? 

A remote attacker has to send a crafted HTTPS request to their targeted server’s default port to exploit the CVE-2022-40300 vulnerability.

If the request is successful, the attacker will get access to the product’s web interface and will be able to run arbitrary SQL codes with System privileges in the database service’s security context. 

A user with System privileges can add or edit a resource type in the products’ web interface, which will be submitted as an HTTP multipart or form-data request to the AddResourceType.ve endpoint.

You can find more details about CVE-2022-40300 on the SOCRadar platform.
You can find more details about CVE-2022-40300 on the SOCRadar platform.

Is There Any Exploit Code for the Vulnerability? 

A malicious HTTP request example that could exploit the CVE-2022-40300 vulnerability and details are available on Zero Day Initiative’s blog. 

Is There Any Mitigation or Patch Available? 

ManageEngine has not provided any workarounds. It is advised to apply the patches to fix the issues. The fixes are available on ManageEngine’s advisory

How to Detect any Malicious Activity Related to This Vulnerability? 

To determine whether CVE-2022-40300 has been exploited on your server, a detection device has to monitor the traffic on the vulnerable ports, as well as inspect HTTP POST requests to a Request-URI that contains the /AddResourceType.ve string. 

You can find additional information about detection on Zero Day Initiative’s blog.

Related Articles
SOCRadar® Cyber Intelligence Inc. | Major Cyber Attacks in Review: March 2024
Major Cyber Attacks in Review: March 2024
Nis 16, 2024
SOCRadar® Cyber Intelligence Inc. | Cyber Reflections of Iran's Attack on Israel
Cyber Reflections of Iran's Attack on Israel
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Critical PHP Vulnerabilities: Update Now to Prevent Takeovers and Command Injection (CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757)
Nis 15, 2024
SOCRadar® Cyber Intelligence Inc. | Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Critical OS Command Injection Vulnerability in Palo Alto's GlobalProtect Gateway: CVE-2024-3400. The patch is not available yet.
Nis 12, 2024
SOCRadar® Cyber Intelligence Inc. | Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Microsoft’s April 2024 Patch Tuesday, 149 Vulnerabilities Patched, Including 2 Zero-Day Vulnerabilities
Nis 10, 2024