These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2022-28810 is a remote code execution vulnerability affecting Zoho ManageEngine ADSelfService Plus. CISA added it to the Known Exploited Vulnerabilities catalog on 2023-03-07, which makes timely remediation a defensive priority for any organization running the product.
CVE-2022-47966 is a Zoho ManageEngine remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2023-01-23. Because it is on the KEV list and marked with known ransomware campaign use, organizations running affected ManageEngine products should treat it as urgent and apply vendor updates without delay.
CVE-2022-35405 is a Zoho ManageEngine remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2022-09-22. Because it is on the KEV list, defenders should treat it as an actively exploited issue and prioritize vendor-directed updates for any affected ManageEngine deployments.
CVE-2021-44515 is an authentication bypass vulnerability in Zoho Desktop Central. CISA added it to the Known Exploited Vulnerabilities catalog on 2021-12-10, which indicates known exploitation and makes timely remediation a priority. The available source material does not provide version-specific impact details, so the safest response is to follow Zoho’s vendor instructions and apply updates as directed b [truncated]
CVE-2021-44077 is a Zoho ManageEngine ServiceDesk Plus / SupportCenter Plus remote code execution vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2021-12-01. Because it is in KEV, organizations should treat it as an urgent patching issue and follow vendor update guidance immediately.
CVE-2021-37415 affects Zoho ManageEngine ServiceDesk Plus and is described as an authentication bypass vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2021-12-01, which is a strong indicator that defenders should treat it as an urgent remediation item and follow vendor update guidance.
CVE-2021-40539 affects Zoho ManageEngine ADSelfService Plus and is described by CISA as an authentication bypass vulnerability. It was added to the Known Exploited Vulnerabilities catalog on 2021-11-03, the same date it was published in the supplied record, and CISA notes known ransomware campaign use. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize vendor-direc [truncated]
CVE-2020-10189 is a file upload vulnerability in Zoho ManageEngine Desktop Central that CISA added to its Known Exploited Vulnerabilities catalog. Because CISA lists it as known to be exploited, organizations running Desktop Central should treat remediation as high priority and follow vendor guidance promptly.
CVE-2019-8394 is a file upload vulnerability associated with Zoho ManageEngine ServiceDesk Plus. In the supplied source corpus, CISA lists it in the Known Exploited Vulnerabilities catalog, which means it should be treated as an active defensive priority. The source guidance is straightforward: apply updates per the vendor’s instructions.