Detections
Analytics

ManageEngine Access Manager Plus Unauthenticated RCE (CVE-2022-47966)

critical Nessus Plugin ID 171707

Language:

Version 1.54

Oct 16, 2025, 4:39 PM

  • Logic Changes (Implement workaround in HTTP library to prevent triggering an engine bug.)

Plugin Feed: 202510161639

Version 1.52

Oct 1, 2025, 9:12 PM

  • Logic Changes (Adding support for user-supplied header added to all HTTP requests.)

Plugin Feed: 202510012112

Version 1.51

Sep 30, 2025, 12:41 AM

  • Logic Changes (Add extra checks to see whether plugins should run. Modernisation of the HTTP/1 library. Various corrections and fixes for CPE related Flatline Test Failures. Remove spurious authentication header.)

Plugin Feed: 202509300041

Version 1.49

Jul 15, 2025, 2:39 AM

  • Logic Changes

Plugin Feed: 202507150239

Version 1.48

Jul 10, 2025, 5:41 PM

  • Logic Changes (Windows CA support)

Plugin Feed: 202507101741

Version 1.47

Feb 12, 2025, 3:29 PM

  • Logic Changes

Plugin Feed: 202502121529

Version 1.46

Feb 12, 2025, 1:58 AM

  • Logic Changes

Plugin Feed: 202502120158

Version 1.45

Feb 10, 2025, 4:00 PM

  • Logic Changes

Plugin Feed: 202502101600

Version 1.43

Jan 22, 2025, 5:44 PM

  • New

Plugin Feed: 202501221744

Version 1.41

Jan 13, 2025, 10:27 PM

  • New

Plugin Feed: 202501132227

Version 1.37

Nov 22, 2024, 6:54 PM

  • Logic Changes (Fixed installation reporting)

Plugin Feed: 202411221854

Version 1.36

Nov 12, 2024, 8:29 PM

  • Logic Changes (Adding installs report)

Plugin Feed: 202411122029

Version 1.35

Oct 10, 2024, 11:57 PM

  • New

Plugin Feed: 202410102357

Version 1.30

Jul 17, 2024, 11:02 PM

  • Logic Changes

Plugin Feed: 202407172302

Version 1.28

May 20, 2024, 10:13 AM

  • Logic Changes

Plugin Feed: 202405201013

Version 1.25

Mar 19, 2024, 6:40 PM

  • Logic Changes (Improving logging to reduce disk space usage)

Plugin Feed: 202403191840

Version 1.24

Mar 5, 2024, 1:15 AM

  • Logic Changes (Report structured data for RPM version checks.)

Plugin Feed: 202403050115

Version 1.21

Feb 9, 2024, 11:22 AM

  • New

Plugin Feed: 202402091122

Version 1.20

Feb 5, 2024, 4:13 PM

  • New (Implement a Purl generator.)

Plugin Feed: 202402051613

Version 1.18

Dec 5, 2023, 2:37 PM

  • CVSS metrics ("CVSSv2 score" set to 10.0. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C")

Plugin Feed: 202312051437

Version 1.16

Sep 26, 2023, 8:16 PM

  • Logic Changes

Plugin Feed: 202309262016

Version 1.15

Sep 14, 2023, 4:20 PM

  • CVSS metrics ("CVSSv2 score" changed from 10.0 to 7.8. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C" to "CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:N")

Plugin Feed: 202309141620

Version 1.14

Sep 8, 2023, 10:12 PM

  • CEA reference

Plugin Feed: 202309082212

Version 1.13

Sep 1, 2023, 2:16 PM

  • Exploit attributes ("Exploit framework core" set to "True")

Plugin Feed: 202309011416

Version 1.12

Jul 17, 2023, 5:15 PM

  • Logic Changes (Make torture_cgi library PCP clean and consolidate utf16_to_ascii())

Plugin Feed: 202307171715

Version 1.11

Jun 20, 2023, 9:07 PM

  • Logic Changes (Temporarily limit debug logging)

Plugin Feed: 202306202107

Version 1.9

Jun 1, 2023, 5:27 AM

  • Logic Changes (Better logging)

Plugin Feed: 202306010527

Version 1.7

May 1, 2023, 9:07 PM

  • Detection (Make and use compatibility wrapper for running commands on scanner localhost to handle deprecation of pread().)

Plugin Feed: 202305012107

Version 1.5

Apr 4, 2023, 12:12 PM

  • IAVM reference
  • STIG Severity (set to "I")

Plugin Feed: 202304041212

Version 1.3

Mar 8, 2023, 1:05 AM

  • Logic Changes

Plugin Feed: 202303080105

Version 1.2

Feb 22, 2023, 7:59 PM

  • CISA reference

Plugin Feed: 202302221959

Version 1.1

Feb 22, 2023, 2:14 PM

  • CVSS metrics ("CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 score" changed from "7.5" to "10.0". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C". "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C")
  • CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C")
  • Exploit attributes ("Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploit available" set to "True". "Exploited by malware" set to "True". "Exploitability ease" set to "Exploits are available". "Exploit framework metasploit" set to "True". "Exploited by malware" set to "True". "Exploitability ease" set to "Exploits are available". "Exploit framework metasploit" set to "True". "Exploited by malware" set to "True". "Exploitability ease" set to "Exploits are available". "Exploit framework metasploit" set to "True")

Plugin Feed: 202302221414

Version 1.0

Feb 21, 2023, 8:11 PM

  • New

Plugin Feed: 202302212011

* Changelogs are generally available for changes made after Nov 1, 2022