CVE-2022-28219
Published: 05 April 2022
Summary
CVE-2022-28219 is a critical-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Zoho ManageEngine ADAudit Plus. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.1% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Cewolf, a charting component bundled with Zoho ManageEngine ADAudit Plus in builds prior to 7060, is the component named in the CVE for an XML External Entity vulnerability (CWE-611) that is reachable over the network without authentication. The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): remote code execution with full confidentiality, integrity, and availability impact.
An attacker with no credentials submits a crafted XML document whose DOCTYPE declares an external entity; the server's XML parser resolves that entity and, as the advisory describes, the chain ends in arbitrary code execution on the underlying host. One caveat a practitioner should keep in mind: entity resolution by itself yields local file disclosure or server-side requests to attacker-chosen URLs, not code execution. The RCE outcome here reflects what the product does with the parsed content afterwards, so the XXE is the entry point of a chain rather than the whole story.
Vendor guidance and public advisories direct administrators to upgrade ADAudit Plus to release 7060 or later; the same references also document the availability of a targeted patch that removes the vulnerable Cewolf configuration.
The CVE maintains a very high EPSS score, currently 0.9420 with a recorded peak of 0.9723, indicating sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-32673
Vulnerability details
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
- CWE(s): CWE-611, Improper Restriction of XML External Entity Reference
Related Threats
No named threat actor has been attributed to exploitation of this CVE. ATT&CK technique mapping for this CVE is still in progress; the obvious fit for an unauthenticated, network-reachable XXE in a management product is T1190 (Exploit Public-Facing Application).
Affected Assets
Zoho ManageEngine ADAudit Plus, all builds prior to 7060.
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the controls below follow from the weakness type (CWE-611) cited in the NVD entry and from the vendor guidance above.
- Upgrade ADAudit Plus to build 7060 or later, or apply the vendor's targeted patch for the vulnerable Cewolf configuration.
- Disable DTD processing, or at minimum external general and parameter entities, in every XML parser the application exposes to untrusted input; this is the standard CWE-611 mitigation.
- Restrict outbound connections from the ADAudit Plus host and alert on unexpected egress, since XXE commonly exfiltrates file contents through attacker-controlled URLs.
- Keep the ADAudit Plus web interface off the public internet and behind authenticated network access, which removes the unauthenticated attack surface this CVE depends on.
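The entity-resolution mechanism described under Deeper analysis and the parser hardening that CWE-611 calls for, shown together in an added example that is not code from ADAudit Plus, Cewolf or Zoho: a constructed XXE payload is fed to a stock JDK DocumentBuilderFactory, which resolves the external entity and returns the target file's contents, and then to the same factory with DOCTYPE processing disabled, which rejects the document. The class name, the temporary file, its contents and the entity name are assumptions made for the demonstration; the vulnerable parser is the generic CWE-611 pattern, not the vendor's actual code.

```java
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeDemo {

    // Constructed attacker payload: the DOCTYPE declares an external entity whose
    // SYSTEM identifier points at a local file; a parser that honours external
    // entities substitutes the file's contents wherever &xxe; appears.
    static String xxePayload(Path target) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE data [\n"
             + "  <!ENTITY xxe SYSTEM \"" + target.toUri() + "\">\n"
             + "]>\n"
             + "<data>&xxe;</data>";
    }

    // CWE-611 pattern: a DocumentBuilderFactory with default settings resolves
    // external general entities, so the file contents come back in the DOM.
    static String parseVulnerable(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    // Hardened parser: rejecting any DOCTYPE removes XXE, parameter-entity and
    // entity-expansion (billion laughs) attacks in one step; the remaining
    // features are defence in depth for parsers that must accept a DOCTYPE.
    static String parseHardened(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a sensitive file on the server; the path and
        // the secret are hypothetical.
        Path secret = Files.createTempFile("adaudit-secret", ".txt");
        Files.writeString(secret, "db_password=hunter2");
        String xml = xxePayload(secret);

        try {
            // Prints the secret: the external entity was resolved from disk.
            System.out.println("vulnerable parser returned: " + parseVulnerable(xml));
            try {
                parseHardened(xml);
                System.out.println("unexpected: hardened parser accepted the payload");
            } catch (SAXParseException e) {
                // The DOCTYPE itself is refused, so the entity is never declared.
                System.out.println("hardened parser rejected the document: " + e.getMessage());
            }
        } finally {
            Files.deleteIfExists(secret);
        }
    }
}
```

Compile and run with `javac XxeDemo.java && java XxeDemo` on JDK 11 or later. Disallowing the DOCTYPE is the setting that matters; the extra feature flags only help where a product legitimately needs to accept a DOCTYPE from trusted sources and cannot use the first one.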