cbcvebase.
CVE-2022-40300
published 2022-09-16

CVE-2022-40300: Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have…

Priority: P180
CVSS 3.1: 9.8 (critical), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 99.27% (99.9th percentile)
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

Affected

63 ranges, showing 25 (the version range and fixed-in columns were not captured in this listing)

Vendor | Product | Ranges shown
zohocorp | manageengine_access_manager_plus | 4
zohocorp | manageengine_pam360 | 9
zohocorp | manageengine_password_manager_pro | 12

Detection & IOCs (extracted from sources)

URL: /AddResourceType.ve

Snort rule:
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Zoho ManageEngine Password Manager Pro SQL Injection (CVE-2022-40300)"; flow:established,to_server; http.uri; content:"/AddResourceType.ve"; fast_pattern; http.request_body; content:"name|3d 22|resourceType|22|"; pcre:"/^[\x0d\x0a]+[^\x0d\x0a]*?[\x27\x22\x3b\x2d\x5c\x2a\x2f]/R"; http.method; content:"POST"; reference:url,www.trendmicro.com/en/research/22/k/sql-injection-manageengine-privileged-access-management.html; reference:cve,2022-40300; classtype:web-application-attack; sid:2066283; rev:1; metadata:affected_product Zoho_ManageEngine, attack_target Server, tls_state TLSDecrypt, created_at 2025_12_11, cve CVE_2022_40300, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence High, signature_severity Major, tag Exploit, updated_at 2025_12_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

Notes on applying the rule:
  • Monitor for HTTP POST requests to the /AddResourceType.ve endpoint; string matching for the Request-URI and 'POST' method should be case-sensitive.
  • Traffic is encrypted via HTTPS; decryption (TLS inspection) is required before applying detection logic.
  • The Request-URI may be URL-encoded; decode it before matching against /AddResourceType.ve.
  • The Snort/Suricata rule (sid:2066283) requires TLS decryption to be effective, as indicated by the tls_state:TLSDecrypt and deployment:SSLDecrypt metadata.
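The rule's conditions re-expressed in Python, as an added example (not code from this page or from the rule's authors) so they can be exercised against constructed requests. The host name and multipart boundary are made-up sample values, and the request bytes are assumed to be already TLS-decrypted.

```python
import re
from urllib.parse import unquote_to_bytes

# Added example: the matching logic of sid:2066283 (POST, URI, field name,
# then the pcre on the field value) rewritten for plain Python. It assumes
# the request has already been TLS-decrypted, as the rule metadata requires.
TARGET_URI = b"/AddResourceType.ve"
FIELD_MARKER = b'name="resourceType"'
# Same character class as the rule's pcre: one or more CR/LF bytes, then any
# non-CR/LF bytes (lazy), then one of  ' " ; - \ * /
VALUE_RE = re.compile(rb"[\x0d\x0a]+[^\x0d\x0a]*?[\x27\x22\x3b\x2d\x5c\x2a\x2f]")


def matches_rule(raw: bytes) -> bool:
    """Return True if a raw HTTP request satisfies every condition of the rule."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    # http.method content:"POST" is an exact, case-sensitive byte match.
    if len(parts) < 2 or parts[0] != b"POST":
        return False
    # The URI may be URL-encoded, so decode it before matching the path.
    uri = unquote_to_bytes(parts[1])
    if TARGET_URI not in uri:
        return False
    idx = body.find(FIELD_MARKER)
    if idx == -1:
        return False
    # /R in the rule anchors the pcre right after the field-name match;
    # Pattern.match(body, pos) gives the same anchoring here.
    return VALUE_RE.match(body, idx + len(FIELD_MARKER)) is not None


def build_request(method: bytes, uri: bytes, value: bytes) -> bytes:
    """Constructed sample: a one-field multipart POST; host is a placeholder."""
    body = (b"--b0undary\r\n"
            b'Content-Disposition: form-data; name="resourceType"\r\n\r\n'
            + value + b"\r\n--b0undary--\r\n")
    return (method + b" " + uri + b" HTTP/1.1\r\n"
            b"Host: pmp.example.internal\r\n"
            b"Content-Type: multipart/form-data; boundary=b0undary\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


if __name__ == "__main__":
    req = build_request(b"POST", b"/AddResource%54ype.ve", b"Windows'")
    print("ALERT" if matches_rule(req) else "no match")
```

A legitimate value such as Windows-2019 also matches, because the rule's character class includes the hyphen; that is a false-positive tuning point to keep in mind, not a defect in the translation.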