Web: https://www.thezdi.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management

Nov. 23, 2022, 3:58 p.m. | Trend Micro Research Team

Zero Day Initiative - Blog thezdi.com

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the AutoLogonHelperUtil class. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution in the security context of the database service, which runs with SYSTEM privileges. The following is a portion of their …

access access management cve injection manageengine management privileged privileged access privileged access management sql sql injection

Senior Cloud Security Engineer

@ HelloFresh | Berlin, Germany

Senior Security Engineer

@ Reverb | Remote, US

I.S. Security Analyst

@ YVFWC | Yakima, WA

Territory Account Manager - Cybersecurity - Little Rock

@ Optiv | Little Rock, AR

Cybersecurity Network Engineer

@ Bitcoin Depot | Remote

Senior Solutions Architect, Prisma Cloud - Visibility, Compliance, and Security (EMEA)

@ Palo Alto Networks | Manchester, United Kingdom

Cloud Security Engineer

@ Snow Software | Solna, Sweden

Senior Security Engineer - 12 month contract - Outside IR35 - Northampton Area

@ Eurofins | Northampton, United Kingdom

Penetration Tester

@ Family Zone | Melbourne, Australia

Senior Consultant - II - Fortinet

@ Optiv | Bengaluru, Karnataka

Snr Professional Services Consultant - XSIAM

@ Palo Alto Networks | Madrid, Spain

Data Governor and Security Specialist

@ Dynatrace | Milan, Italy