ZOHO | Critical Vulnerability

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability

The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.

Tracked as CVE-2021-44077 (CVSS score: 9.8), the issue relates to an unauthenticated, remote code execution vulnerability