hivepro | HiveForce Lab | HIVEPRO:BD3820A05EED8DCE434810D60764A81E
History: Jan 06, 2023 - 2:16 p.m.

Zoho Addresses SQL Injection Vulnerability in ManageEngine Products

2023-01-06 14:16:50
HiveForce Lab
www.hivepro.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Threat Level
Vulnerability Report

Summary

A security flaw affecting multiple ManageEngine products, identified as CVE-2022-47523, is an SQL injection vulnerability found in Zoho's Password Manager Pro Secure Vault, PAM360 Privileged Access Management Software, and Access Manager Plus Privileged Session Management Solution. If exploited, the vulnerability would allow attackers to gain unauthenticated access to the backend database and execute custom queries to access database table entries. Zoho has fixed the issue and is urging customers to upgrade to the latest builds of the affected products immediately.
