CVE-2022-40300
Published 2022-09-16
Priority P1 · 80 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 99.27% (99.9th percentile)
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
Affected
63 ranges · showing 25 (the extracted rows carried no version data and repeated per product; they are collapsed here to one row per product, with the range and fixed version taken from the CVE description above)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | through 4304 | 4305 |
| zohocorp | manageengine_pam360 | through 5550 | 5600 |
| zohocorp | manageengine_password_manager_pro | through 12120 | 12121 |
Detection & IOCs (extracted from sources)

Suricata rule (ET Open, sid:2066283; the dotted sticky buffers http.uri / http.request_body / http.method are Suricata syntax, not Snort's):

```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Zoho ManageEngine Password Manager Pro SQL Injection (CVE-2022-40300)"; flow:established,to_server; http.uri; content:"/AddResourceType.ve"; fast_pattern; http.request_body; content:"name|3d 22|resourceType|22|"; pcre:"/^[\x0d\x0a]+[^\x0d\x0a]*?[\x27\x22\x3b\x2d\x5c\x2a\x2f]/R"; http.method; content:"POST"; reference:url,www.trendmicro.com/en/research/22/k/sql-injection-manageengine-privileged-access-management.html; reference:cve,2022-40300; classtype:web-application-attack; sid:2066283; rev:1; metadata:affected_product Zoho_ManageEngine, attack_target Server, tls_state TLSDecrypt, created_at 2025_12_11, cve CVE_2022_40300, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
```

- Monitor for HTTP POST requests to the /AddResourceType.ve endpoint; the Request-URI and 'POST' method matches are case-sensitive.
- Traffic is encrypted via HTTPS; TLS decryption (inspection) is required before the detection logic can be applied.
- The Request-URI may be URL-encoded; decode it before matching against /AddResourceType.ve.
- The pcre inspects the value of the multipart field named resourceType: after the CR/LF run that ends the part header it looks for the first SQL meta character (' " ; - \ * /) before the next line break, so legitimate type names containing a slash or hyphen will also fire the rule.
- The rule (sid:2066283) therefore only fires on decrypted traffic, as its tls_state:TLSDecrypt and deployment:SSLDecrypt metadata indicate.
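To see what the rule above actually matches, the following is an added example (not part of the page, the ET rule set or Suricata) that re-implements its four conditions in Python and runs them over constructed HTTP requests. The request builder, the host name pmp.example.internal and the multipart boundary are assumptions made for the example; the URI, the body marker and the pcre are lifted from the rule. It also applies the two caveats from the notes: the method and URI matches are case-sensitive, and the URI is percent-decoded before matching.

```python
import re
from urllib.parse import unquote

# Conditions lifted from ET rule sid:2066283.
URI_MARKER = "/AddResourceType.ve"
BODY_MARKER = b'name="resourceType"'
# The rule's pcre without its leading '^': Pattern.match(s, pos) already anchors at pos,
# which is what the rule's /R (relative) flag does. It consumes the CR/LF run after the
# part header, then scans the field value lazily for the first SQL meta character
# (the rule's \x27 \x22 \x3b \x2d \x5c \x2a \x2f, i.e. ' " ; - \ * /).
VALUE_PCRE = re.compile(rb"[\r\n]+[^\r\n]*?['\";\\*/-]")


def parse_request(raw: bytes):
    """Minimal HTTP/1.1 request splitter for the example: returns (method, uri, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method, uri, _version = request_line.split(b" ", 2)
    return method.decode("latin-1"), uri.decode("latin-1"), body


def matches_rule(raw: bytes) -> bool:
    """Apply the rule's three content matches plus the pcre to one raw request."""
    method, uri, body = parse_request(raw)
    if method != "POST":                  # exact match: the rule's content match is case-sensitive
        return False
    if URI_MARKER not in unquote(uri):    # Suricata matches the normalised URI, so decode first
        return False
    idx = body.find(BODY_MARKER)
    if idx < 0:
        return False
    # Relative match: start right after the body marker, exactly as /R does.
    return VALUE_PCRE.match(body, idx + len(BODY_MARKER)) is not None


def build_request(method: str, uri: str, resource_type: str) -> bytes:
    """Constructed sample traffic (not a capture): a multipart POST carrying a resourceType field."""
    boundary = "----exampleboundary"  # assumption for the example
    body = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="resourceType"\r\n\r\n'
        f"{resource_type}\r\n"
        f"--{boundary}--\r\n"
    ).encode()
    head = (
        f"{method} {uri} HTTP/1.1\r\n"
        f"Host: pmp.example.internal\r\n"
        f"Content-Type: multipart/form-data; boundary={boundary}\r\n"
        f"Content-Length: {len(body)}\r\n\r\n"
    ).encode()
    return head + body


if __name__ == "__main__":
    samples = {
        "benign name": build_request("POST", "/AddResourceType.ve", "Windows"),
        "injection": build_request("POST", "/AddResourceType.ve", "' UNION SELECT 1 --"),
        "encoded URI": build_request("POST", "/AddResourceType%2Eve", "x' OR '1'='1"),
        "GET, not POST": build_request("GET", "/AddResourceType.ve", "' OR 1=1 --"),
        "lowercase post": build_request("post", "/AddResourceType.ve", "' OR 1=1 --"),
        "other endpoint": build_request("POST", "/Other.ve", "' OR 1=1 --"),
        "slash in name": build_request("POST", "/AddResourceType.ve", "Linux/Unix"),
    }
    for label, req in samples.items():
        print(f"{label:15s} -> {'ALERT' if matches_rule(req) else 'no alert'}")
```

The last sample shows the false-positive surface: a perfectly ordinary type name such as Linux/Unix trips the pcre because `/` is in its meta-character set, so expect to tune or baseline this rule against legitimate resource-type creation before relying on it for alerting.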
Sources

Suricata · 2025-12-11 · CVSS 9.8
[CRITICAL] ET WEB_SPECIFIC_APPS Zoho ManageEngine Password Manager Pro SQL Injection (CVE-2022-40300); rule sid:2066283, reproduced in full under Detection & IOCs above.
No public exploits indexed.
Tenable · blogs_tenable · 2023-01-05 · CVSS 9.8
[CRITICAL] CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability (a separate, later SQL injection CVE in the same three products)
Checkpoint · blogs_checkpoint · 2022-11-28
28th November – Threat Intelligence Report (indexed under CVE-2022-4135)
## 28th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th November, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
The European Parliament website has been attacked following a vote declaring Russia a state sponsor of terrorism. The pro-Russian hacktivist groups Anonymous Russia and Killnet have claimed responsibility for the attack, causing an ongoing DDoS (Distributed Denial of Service).
Ukrainian organizations have been a victim
Trendmicro · blogs_trendmicro · 2022-11-23 · CVSS 9.8
CVE-2022-40300 [CRITICAL] SQL Injection in ManageEngine Privileged Access Management

# CVE-2022-40300: SQL Injection in ManageEngine Privileged Access Management
By: Trend Micro Research, 2022/11/23
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the AutoLogonHelperUtil class. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution in the security context of the database service, which runs with SYSTEM privileges. The following is a portion of their write-up covering CVE-2022-3236, with a few mi
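The excerpt attributes the bug to improper validation of a resource type that ends up in SQL. The page does not show the AutoLogonHelperUtil code, so the following is an added illustration of that bug class and its fix, not ManageEngine's code: a Python/sqlite3 stand-in with a constructed schema, a query that splices the caller-supplied resource-type name into the SQL text, and a hardened version that allowlists the name and binds it as a parameter. The table names, the allowlist pattern and the sample rows are all assumptions made for the example.

```python
import re
import sqlite3

# Allowlist for a resource-type name; an assumption for this example, not the product's rule.
RESOURCE_TYPE_RE = re.compile(r"[A-Za-z0-9 _]{1,64}")

# A UNION-based payload that turns the lookup into a read of another table.
PAYLOAD = "' UNION SELECT login || ':' || secret FROM accounts --"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory schema standing in for the product database (not the real schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE resource_types (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, login TEXT, secret TEXT)")
    con.executemany("INSERT INTO resource_types (name) VALUES (?)", [("Windows",), ("Linux",)])
    con.executemany("INSERT INTO accounts (login, secret) VALUES (?, ?)",
                    [("admin", "s3cr3t"), ("svc_backup", "hunter2")])
    return con


def lookup_vulnerable(con: sqlite3.Connection, resource_type: str) -> list:
    """The bug pattern: the caller-controlled name becomes part of the SQL text.

    With PAYLOAD the statement that reaches the database is
      SELECT name FROM resource_types WHERE name = '' UNION SELECT login || ':' || secret FROM accounts --'
    and the result set is the accounts table, not a resource type.
    """
    sql = f"SELECT name FROM resource_types WHERE name = '{resource_type}'"
    return [row[0] for row in con.execute(sql)]


def lookup_hardened(con: sqlite3.Connection, resource_type: str) -> list:
    """Fix, in two layers: reject anything outside the allowlist, then bind the value.

    Binding alone already keeps the payload inside the string literal; the allowlist
    is the 'proper validation of resource types' the advisory excerpt is about.
    """
    if not RESOURCE_TYPE_RE.fullmatch(resource_type):
        raise ValueError("invalid resource type name")
    rows = con.execute("SELECT name FROM resource_types WHERE name = ?", (resource_type,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, benign :", lookup_vulnerable(con, "Windows"))
    print("vulnerable, payload:", lookup_vulnerable(con, PAYLOAD))
    print("hardened, benign   :", lookup_hardened(con, "Windows"))
    try:
        lookup_hardened(con, PAYLOAD)
    except ValueError as exc:
        print("hardened, payload  : rejected,", exc)
```

The vulnerable path returns every login:secret pair from the unrelated accounts table for a single "resource type" request, which is the kind of read a SQL injection in a password vault translates into; the hardened path never lets the quote character reach the parser, and the allowlist rejects it before a query is even built.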