CVE-2023-48646Manageengine Recoverymanager Plus vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
65.1%
top 1.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Recoverymanager Plus
Timeline
PublishedNov 22
Latest updateDec 9

Description

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2023-48646: Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings2023-11-22
GHSA
GHSA-grg4-qr9m-4rf3: Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings2023-11-22

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Zoho ManageEngine RecoveryManager Plus updateProxySettings Command Injection (CVE-2023-48646)2025-12-09
CVE-2023-48646 — HIGH severity | cvebase