“Over recent months, ManageEngine has been targeted in campaigns from multiple threat groups. According to ZoHo, CVE-2021-44515 has been exploited in the wild as a zero-day, making this the third vulnerability this year in ManageEngine to be adopted by threat actors. It’s common to see these sorts of pile-ons after a product has been leveraged in publicized attacks; once it is known that a product or service is vulnerable, threat actors often put it under a microscope to find additional avenues of attack.” — Claire Tills, Senior Research Engineer, Tenable
