Zoho ManageEngine - Access Control Bypass

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize via the ../RestAPI...

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

CVE-2026-5785

The CVE-2026-5785 issue affects Zohocorp ManageEngine PAM360 (versions before 8531) and ManageEngine Password Manager Pro (versions 8600 to 13230). The vulnerability is an Authenticated SQL injection in the query report module, allowing an attacker with LOW privileges and no user interaction to t...

CVE-2026-5785 SQL Injection

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module...

PT-2026-33319

Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8531 ManageEngine Password Manager Pro versions 8600 through 13230 Description An authenticated SQL injection exists in the query report module. SQL injection is a type of flaw that allows an attacker to...

CVE-2025-11669

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...

CVE-2025-11669 Broken Access Control

Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality...

CVE-2025-11669

The vulnerability CVE-2025-11669 affects Zohocorp ManageEngine PAM360 (versions before 8202), Password Manager Pro (before 13221), and Access Manager Plus (before 4401). It is described as an authorization issue in the initiate remote session functionality. Remediation: upgrade PAM360 to 8202 or ...

PT-2026-2436

Name of the Vulnerable Software and Affected Versions ManageEngine PAM360 versions prior to 8202 Password Manager Pro versions prior to 13221 Access Manager Plus versions prior to 4401 Description The software is subject to an authorization issue within the initiate remote session functionality...

ZOHO多款产品 安全漏洞

ZOHO Password Manager Pro PMP and so on are products of ZOHO USA company.ZOHO Password Manager Pro is a password manager.ZOHO ManageEngine Access Manager Plus is the ZOHO ManageEngine PAM360 is a complete PAM software. A security vulnerability exists in several ZOHO products, which stems from an...

EUVD-2023-33797

Malicious code in bioql PyPI...

EUVD-2024-24528

Malicious code in bioql PyPI...

CVE-2024-27313

Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610...

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...

CVE-2022-43672

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection in a different software component relative to CVE-2022-43671...

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

CVE-2024-5546

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option...

CVE-2024-27312

Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability...

ManageEngine PAM360 < 7.0 Build 7001 SQLi

The remote host is running a version of ManageEngine PAM360 prior to 7.0 Build 7001. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or...