## https://sploitus.com/exploit?id=SAINT:25A1AE710DDC7BDF13922068FD6E1AB1
Added: 02/17/2023
### Background
[Zoho ManageEngine ServiceDesk Plus](<https://www.manageengine.com/products/service-desk/>) is IT helpdesk software.
### Problem
A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted `SAMLResponse` parameter to the SAML endpoint.
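As an added example (not part of the SAINT entry, and not ManageEngine or Apache Santuario code), the following Python triage helper decodes a posted `SAMLResponse` value and flags any XML Signature `Transform` algorithm outside the small set a normal SAML assertion signature uses. The page itself names only the outdated Santuario library; that the dangerous transform is the XSLT one is taken from the referenced Horizon3 deep-dive and the Santuario fix, and is treated here as an assumption. The two POST bodies are constructed inline (the flagged one carries only the transform URI, no stylesheet body), and the build threshold 14004 comes from the Resolution section.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
# Assumption (from the referenced deep-dive, not stated on this page): the
# transform that an unpatched Santuario evaluates unsafely is XSLT.
XSLT_TRANSFORM = "http://www.w3.org/TR/1999/REC-xslt-19991116"
# Transform algorithms a normal SAML assertion signature uses.
ALLOWED_TRANSFORMS = {
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}
# First fixed build per the Resolution section of this entry.
FIXED_BUILD = 14004


def is_patched_build(build: int) -> bool:
    """True when the ServiceDesk Plus build number is at or above the fixed build."""
    return build >= FIXED_BUILD


def decode_saml_response(post_body: str) -> bytes:
    """Extract the SAMLResponse form parameter and base64-decode it to raw XML."""
    params = parse_qs(post_body, keep_blank_values=True)
    values = params.get("SAMLResponse")
    if not values:
        raise ValueError("no SAMLResponse parameter in POST body")
    return base64.b64decode(values[0])


def suspicious_transforms(xml_bytes: bytes) -> list[str]:
    """Return every ds:Transform Algorithm that is not on the allowlist.

    Note: stdlib ElementTree is used so this runs offline; a production
    detector should parse untrusted XML with defusedxml instead.
    """
    root = ET.fromstring(xml_bytes)
    flagged = []
    for transform in root.iter(f"{{{DS_NS}}}Transform"):
        algorithm = transform.get("Algorithm", "")
        if algorithm not in ALLOWED_TRANSFORMS:
            flagged.append(algorithm)
    return flagged


def triage_post_body(post_body: str) -> list[str]:
    """Decode a SAML POST body and list transform algorithms worth investigating."""
    return suspicious_transforms(decode_saml_response(post_body))


def _constructed_post(transform_algorithm: str) -> str:
    """Build a minimal, constructed SAMLResponse POST body for demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:ds="{DS_NS}">'
        '<ds:Signature><ds:SignedInfo><ds:Reference URI="">'
        f'<ds:Transforms><ds:Transform Algorithm="{transform_algorithm}"/></ds:Transforms>'
        "</ds:Reference></ds:SignedInfo></ds:Signature>"
        "</samlp:Response>"
    )
    encoded = base64.b64encode(xml.encode()).decode()
    return "SAMLResponse=" + quote(encoded, safe="")


# Constructed sample inputs: one ordinary enveloped-signature transform, one XSLT transform.
BENIGN_POST = _constructed_post("http://www.w3.org/2000/09/xmldsig#enveloped-signature")
XSLT_POST = _constructed_post(XSLT_TRANSFORM)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_POST), ("xslt", XSLT_POST)):
        print(label, triage_post_body(body))
    print("build 14003 patched:", is_patched_build(14003))
    print("build 14004 patched:", is_patched_build(14004))
```

The allowlist approach is deliberate: rather than matching one known-bad URI, anything a normal assertion signature does not need gets surfaced, so the check stays useful for other unexpected transforms. Per the Limitations section, hosts that have never had SAML SSO configured are out of scope for this vulnerability, so the check matters most on instances where SAML has been enabled at some point.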
### Resolution
[Upgrade](<https://www.manageengine.com/products/service-desk/on-premises/migration-sequence.html>) to ServiceDesk Plus 14004 or higher.
### References
<https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html>
<https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/>
### Limitations
The target must have been configured with SAML-based SSO at least once in the past in order to be exploitable.
### Platforms
Windows