CVE-2022-43671
published 2022-11-12CVE-2022-43671: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
PriorityP279critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
74.83%
99.4th percentile
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | < 4.3 | 4.3 |
| zohocorp | manageengine_access_manager_plus | — | — |
| zohocorp | manageengine_pam360 | < 5.7 | 5.7 |
| zohocorp | manageengine_pam360 | — | — |
| zohocorp | manageengine_password_manager_pro | < 12.1 | 12.1 |
| zohocorp | manageengine_password_manager_pro | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8f8x-4hjh-5xv4: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different softw
ghsa_unreviewed·2022-11-12·CVSS 9.8
CVE-2022-43672 [CRITICAL] CWE-89 GHSA-8f8x-4hjh-5xv4: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different softw
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
GHSA
GHSA-hvv4-8q8q-fp7m: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection
ghsa_unreviewed·2022-11-12
CVE-2022-43671 [CRITICAL] CWE-89 GHSA-hvv4-8q8q-fp7m: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-12
Published