CVE-2022-47523
published 2023-01-05

CVE-2022-47523: Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

Priority: P274
Severity: critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 70.58% (99.3th percentile)

Affected (6 ranges)

Vendor   | Product                              | Version range | Fixed in
zohocorp | manageengine_access_manager_plus     | < 4.3         | 4.3
zohocorp | manageengine_access_manager_plus     |               |
zohocorp | manageengine_pam360                  | < 5.8         | 5.8
zohocorp | manageengine_pam360                  |               |
zohocorp | manageengine_password_manager_pro    | < 12.2        | 12.2
zohocorp | manageengine_password_manager_pro    |               |

Detection & IOCs (extracted from sources)

  • CVE-2022-47523 affects Zoho ManageEngine Access Manager Plus before version 4309, Password Manager Pro before version 12210, and PAM360 before version 5801 — detection should flag unpatched instances of these products below these version thresholds
  • Zoho issued a warning to customers about this critical SQL Injection vulnerability affecting multiple ManageEngine products; monitor for exploitation attempts against these products' web interfaces