Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Vulnerable ManageEngine servers are exposed to the internet and often configured with a SAML-based single sign-on (SSO) authentication service. An unauthenticated attacker can take advantage of this vulnerability to easily gain control of a server and run arbitrary commands.
Kill Chain
Risk Score
87
Zoho ManageEngine is a suite of products that offer IT management and security solutions. ManageEngine products leverage Security Assertion Markup Language (SAML) for authentication. SAML is an XML-based open standard for transferring identity data between a client and a server. Some ManageEngine products rely on default settings in Apache Santuario (or XML Security) to translate XML input to HTML output. ManageEngine products that include Apache Santuario and are configured with SAML are vulnerable to remote code execution. Attackers exploit this vulnerability by creating an HTTP request with a SAML response, which is XML data that contains a malicious signature. When the ManageEngine server processes the payload, the malicious signature is transformed into an arbitrary Java object instance that calls a method to run the malicious command.
