A zero-day vulnerability has been disclosed in the IT help desk ManageEngine software made by Zoho Corp. The serious vulnerability enables an unauthenticated, remote attacker to launch attacks on affected systems. Zoho has now released a security update addressing the vulnerability. The vulnerability ranks 9.8 out of 10.0 on the CVSS scale, making it critical in severity in severity. The issue results from improper validation of user-supplied data, which can result in deserialization of untrusted data.
Source: https://threatpost.com/critical-zoho-zero-day-flaw-disclosed/153484/