Common Vulnerabilities and Exposures – October 2022

Critical Zoho ManageEngine RCE Vulnerability

On the 22nd September 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) added a critical unauthenticated Remote Code Execution (RCE) vulnerability affecting Zoho ManageEngine products to its Known Exploited Vulnerabilities catalog. The vulnerability has a CVSS score of 9.8 and stems from a Java deserialisation flaw: an unauthenticated attacker can send a specially crafted XML-RPC request to execute code remotely as SYSTEM. An attacker can use this vulnerability to gain elevated privileges on a target host.

Public proof of concept (PoC) code has been available online since August, as has a Metasploit module targeting this specific vulnerability. Brace168 strongly recommends patching all Zoho ManageEngine products to their most recent version as a priority.
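
As a detection aid alongside patching, the added example below (not from the original post or from Zoho) flags XML-RPC request bodies that carry a base64-encoded Java serialization stream. It assumes captured request bodies are available, for example from a proxy or WAF, and that the object travels as base64 element text; the function name and sample requests are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# First four bytes of every Java serialization stream (STREAM_MAGIC, STREAM_VERSION).
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"

def find_serialized_java(xmlrpc_body):
    """Return [(tag, decoded_len)] for elements whose text is a base64 Java object stream."""
    if "<!DOCTYPE" in xmlrpc_body or "<!ENTITY" in xmlrpc_body:
        # XML-RPC needs no DTD; refuse instead of risking entity expansion in the parser.
        raise ValueError("DTD in XML-RPC body")
    try:
        root = ET.fromstring(xmlrpc_body)
    except ET.ParseError:
        return []  # malformed XML: nothing to inspect here, log it separately
    hits = []
    for elem in root.iter():
        text = "".join((elem.text or "").split())  # drop line wrapping and indentation
        if len(text) < 8:
            continue
        try:
            raw = base64.b64decode(text, validate=True)
        except (binascii.Error, ValueError):
            continue  # not base64, so not an encoded object
        if raw.startswith(JAVA_STREAM_MAGIC):
            hits.append((elem.tag.split("}")[-1], len(raw)))
    return hits

# Constructed samples. The "suspicious" value is only a serialized String "hello".
_HARMLESS_STREAM = JAVA_STREAM_MAGIC + b"t\x00\x05hello"
BENIGN = ("<methodCall><methodName>inventory.list</methodName><params><param><value>"
          "<base64>aGVsbG8gd29ybGQ=</base64></value></param></params></methodCall>")
SUSPICIOUS = BENIGN.replace("aGVsbG8gd29ybGQ=", base64.b64encode(_HARMLESS_STREAM).decode())

if __name__ == "__main__":
    for name, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, find_serialized_java(body))
```

A hit is a triage signal, not proof of exploitation: any element whose decoded text begins with the Java stream header is reported, so review the source address and whether the request was authenticated.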
