CVE-2022-43671SQL Injection in Manageengine Access Manager Plus

CWE-89SQL Injection3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
52.0%
top 2.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Zohocorp Manageengine Access Manager PlusZohocorp Manageengine Pam360Zohocorp Manageengine Password Manager PRO
Timeline
PublishedNov 12

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
CVEList
CVE-2022-43671: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection2022-11-12
GHSA
GHSA-hvv4-8q8q-fp7m: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection2022-11-12
CVE-2022-43671 — SQL Injection | cvebase