CVE-2022-43672

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICAL

EPSS

45.6%

top 2.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Access Manager Plus Zohocorp Manageengine Pam360 Zohocorp Manageengine Password Manager PRO

Timeline

PublishedNov 12

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDzohocorp/manageengine_access_manager_plus< 4.3+1

▶NVDzohocorp/manageengine_password_manager_pro< 12.1+1

▶NVDzohocorp/manageengine_pam360< 5.7+1

🔴Vulnerability Details

CVEList

CVE-2022-43672: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different softw↗2022-11-12

▶

GHSA

GHSA-8f8x-4hjh-5xv4: Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different softw↗2022-11-12

▶