CVE-2022-28810 Zoho CVE debrief

Who should care

Administrators and security teams responsible for Zoho ManageEngine ADSelfService Plus deployments should treat this as a priority issue, especially where systems are production-facing or centrally managed.

Technical summary

The supplied source corpus identifies CVE-2022-28810 as a remote code execution issue in Zoho ManageEngine ADSelfService Plus. The CISA KEV record confirms it is a known exploited vulnerability and directs defenders to apply updates per vendor instructions. No CVSS score was provided in the supplied data.

Defensive priority

High. CISA’s KEV inclusion indicates confirmed exploitation risk, and the published remediation due date was 2023-03-28.

Recommended defensive actions

• Apply vendor updates per the vendor instructions referenced by CISA.
• Identify all installations of Zoho ManageEngine ADSelfService Plus in your environment.
• Confirm remediation was completed before or by the CISA KEV due date of 2023-03-28.
• Track this CVE in vulnerability management and exception workflows until every affected instance is verified remediated.

Evidence notes

The CISA Known Exploited Vulnerabilities feed lists CVE-2022-28810 as a Zoho ManageEngine ADSelfService Plus remote code execution vulnerability, with dateAdded 2023-03-07 and dueDate 2023-03-28. The CVE and NVD records corroborate the identifier and vulnerability classification. The supplied corpus did not include a CVSS score.

Official resources