Common Vulnerabilities and Exposures – October 2022

Share This Post

Critical Zoho ManageEngine RCE Vulnerability

On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to their Known Exploited Vulnerabilities catalog. This vulnerability has a CVSS score of 9.8 and exploits a java deserialisation vulnerability that allows an unauthenticated attacker to send a specially crafted XML-RPC request to execute remote code as SYSTEM. This vulnerability can be used by an attacker to receive elevated privileges a target host.

Publicly available proof of concept (PoC) code has been online since August as well as a Metasploit module targeting this specific vulnerability. Brace168 strong recommends patching all Zoho ManageEngine products to their most recent version as a priority.

More To Explore
cyber-security

Excite Cyber Whitepaper – Data Loss Prevention (DLP) as an Enabler for Secure AI Adoption

AI has moved from experiment to operating model, but its real value—and risk—comes down to your data. With 75% of knowledge workers already using AI tools, often without IT oversight, shadow AI is driving a costly wave of breaches that organisations can’t afford to ignore. This whitepaper cuts through the anxiety to show how Microsoft Purview gives you the discovery, classification, and policy controls to make AI safe and productive, turning data security from a blocker into an AI enabler.

19 May 2026
cyber-security

Excite Cyber Threat Intelligence Report – Q1 2026

Q1 2026 has been defined by speed. Storm-1175, a financially motivated affiliate of the Medusa ransomware-as-a-service operation, has emerged as the quarter’s most aggressive threat to Australian businesses, weaponising newly disclosed vulnerabilities in internet-facing systems and moving from initial breach to full ransomware deployment in as little as 24 hours.

29 April 2026