Security advisory for remote code execution vulnerability (CVE-2022-1471) in ManageEngine EventLog A

Security advisory for remote code execution vulnerability (CVE-2022-1471) in ManageEngine EventLog A

Security advisory for remote code execution vulnerability (CVE-2022-1471) in ManageEngine EventLog Analyzer

 

Vulnerability Details

Product name

EventLog Analyzer

Severity

Critical

Affected software versions

12523 and 12524

Fixed version

12526

Fixed on

23/12/2024

 

Details:

The ManageEngine EventLog Analyzer product was affected by a remote code execution vulnerability stemming from an issue in SnakeYAML (CVE-2022-1471).

Impact:

This vulnerability can allow high privilege adversaries to conduct remote code executions.

What should customers do?

Given the severity of this vulnerability, customers are strongly advised to update EventLog Analyzer to the latest build, 12526, immediately.


Note: This issue only impacts EventLog Analyzer builds 12523 and 12524; other versions are not affected.

Please get in touch with the product support for further details at support@eventloganalyzer.com

      • Topic Participants

      • Varun

                  New to ADSelfService Plus?