Security advisory for remote code execution vulnerability (CVE-2022-1471) in ManageEngine EventLog Analyzer
Vulnerability Details | |
Product name | EventLog Analyzer |
Severity | Critical |
Affected software versions | 12523 and 12524 |
Fixed version | 12526 |
Fixed on | 23/12/2024 |
Details:
The ManageEngine EventLog Analyzer product was affected by a remote code execution vulnerability stemming from an issue in SnakeYAML (CVE-2022-1471).
Impact:
This vulnerability can allow high privilege adversaries to conduct remote code executions.
What should customers do?
Given the severity of this vulnerability, customers are strongly advised to update EventLog Analyzer to the latest build, 12526, immediately.
Note: This issue only impacts EventLog Analyzer builds 12523 and 12524; other versions are not affected.