Lucene search
K

202 matches found

CVE
CVE
added 2022/11/12 12:0 a.m.64 views

CVE-2022-43672

CVE-2022-43672 affects Zoho ManageEngine Password Manager Pro (versions prior to 12122), PAM360 (prior to 5711), and Access Manager Plus (prior to 4306). The Red Hat entries and PT-Security note that the issue allows SQL injection in a different software component relative to CVE-2022-43671. Miti...

9.8CVSS9.8AI score0.67078EPSS
Exploits0References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2022/10/12 12:0 a.m.64 views

ManageEngine Access Manager Plus < 4.3 Build 4303 RCE

The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4303. It is, therefore, affected by an authenticated remote code execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported versi...

9.8CVSS9.3AI score0.9994EPSS
Exploits5References2
BDU FSTEC
BDU FSTEC
added 2022/09/28 12:0 a.m.6 views

The vulnerability of the xmlrpc component in the software solutions for control, management, and auditing of Zoho ManageEngine Password Manager Pro, as well as the software solution for managing privileged sessions in Zoho ManageEngine Access Manager Plus, allows a perpetrator to execute arbitrary code.

The vulnerability of the xmlrpc component in the Zoho ManageEngine Password Manager Pro and Zoho ManageEngine Access Manager Plus software solutions for control, management, and auditing functions is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could all...

10CVSS8.5AI score0.9994EPSS
Exploits5References3Affected Software3
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.26 views

ManageEngine Access Manager Plus < 4.3 Build 4305 SQLi

The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4305. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the...

9.8CVSS8.7AI score0.99268EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2022/09/22 12:0 a.m.6 views

VulnCheck KEV: CVE-2022-35405

Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS7.7AI score0.9994EPSS
Exploits5References1
CISA KEV Catalog
CISA KEV Catalog
added 2022/09/22 12:0 a.m.36 views

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution...

9.8CVSS9.5AI score0.9994EPSS
In wildExploits5
OSV
OSV
added 2022/09/16 11:15 p.m.5 views

CVE-2022-40300

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

9.8CVSS5.8AI score0.99268EPSS
Exploits0References1
NVD
NVD
added 2022/09/16 11:15 p.m.26 views

CVE-2022-40300

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

9.8CVSS0.99268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/09/16 11:15 p.m.6 views

CVE-2022-40300

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

9.8CVSS7.4AI score0.99268EPSS
Exploits0References2
Prion
Prion
added 2022/09/16 11:15 p.m.24 views

Sql injection

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

7.5CVSS9.9AI score0.99268EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2022/09/16 10:47 p.m.28 views

CVE-2022-40300

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities...

10AI score0.99268EPSS
Exploits0References1
CVE
CVE
added 2022/09/16 10:47 p.m.59 views

CVE-2022-40300

CVE-2022-40300 affects Zoho ManageEngine Password Manager Pro (versions up to 12120 before 12121), PAM360 (up to 5550 before 5600), and Access Manager Plus (up to 4304 before 4305). The Red Hat/NVD entries describe multiple SQL injection vulnerabilities in these products. Impact is stated as high...

9.8CVSS9.8AI score0.99268EPSS
Exploits0References1Affected Software3
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.5 views

多款ZOHO产品SQL注入漏洞

ZOHO ManageEngine Password Manager Pro and ZOHO ManageEngine Access Manager Plus are both products of ZOHO India.ZOHO ManageEngine Password Manager Pro is a password manager. ZOHO ManageEngine Access Manager Plus is a privileged session management solution for organizations to centralize, secure...

9.8CVSS8.6AI score0.99268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.6 views

PT-2022-25337 · Zoho · Zoho Manageengine Pam360 +2

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Password Manager Pro versions 12120 through 12120 Zoho ManageEngine PAM360 versions 5550 through 5550 Zoho ManageEngine Access Manager Plus versions 4304 through 4304 Description: The issue involves multiple SQL injection...

9.8CVSS8.4AI score0.99268EPSS
Exploits0References6
OSV
OSV
added 2022/07/19 3:15 p.m.0 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

9.8CVSS7.6AI score0.9994EPSS
Exploits5References3
Vulnrichment
Vulnrichment
added 2022/07/19 2:51 p.m.15 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

9.9AI score0.9994EPSS
Exploits5References2
Cvelist
Cvelist
added 2022/07/19 2:51 p.m.36 views

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. This also affects ManageEngine Access Manager Plus before 4303 with authentication...

10AI score0.9994EPSS
Exploits5References2
CNNVD
CNNVD
added 2022/07/19 12:0 a.m.14 views

ZOHO ManageEngine Password Manager Pro 代码问题漏洞

ZOHO ManageEngine Password Manager Pro is a password manager from ZOHO, Inc. A security vulnerability exists in ZOHO ManageEngine Password Manager Pro versions prior to 12101 and PAM360 versions prior to 5510 that stems from vulnerability to unauthenticated remote code execution attacks. This als...

9.8CVSS9.2AI score0.9994EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2022/07/19 12:0 a.m.4 views

PT-2022-4859 · Zoho · Zoho Manageengine Pam360 +2

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Password Manager Pro versions prior to 12101 Zoho ManageEngine PAM360 versions prior to 5510 Zoho ManageEngine Access Manager Plus versions prior to 4303 Description: The issue is related to a deserialization mechanism flaw ...

9.8CVSS9.7AI score0.9994EPSS
Exploits5References16
GithubExploit
GithubExploit
added 2022/07/18 8:52 p.m.78 views

Exploit for Deserialization of Untrusted Data in Zohocorp Manageengine_Access_Manager_Plus

CVE-2022-35405 - My blog posthttps://bigous.me/2022/09/06/C...

9.8CVSS9.8AI score0.9994EPSS
Exploits5
Rows per page
Query Builder