CVE-2022-47523
Published 2023-01-05

CVE-2022-47523: Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

- Priority P274 · critical · 9.8 · CVSS 3.1
- CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- EPSS: 70.58% (99.3th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | < 4.3 | 4.3 |
| zohocorp | manageengine_access_manager_plus | — | — |
| zohocorp | manageengine_pam360 | < 5.8 | 5.8 |
| zohocorp | manageengine_pam360 | — | — |
| zohocorp | manageengine_password_manager_pro | < 12.2 | 12.2 |
| zohocorp | manageengine_password_manager_pro | — | — |
Detection & IOCs (extracted from sources)
- CVE-2022-47523 affects Zoho ManageEngine Access Manager Plus before version 4309, Password Manager Pro before version 12210, and PAM360 before version 5801; detection should flag unpatched instances of these products below these version thresholds.
- Zoho issued a warning to customers about this critical SQL Injection vulnerability affecting multiple ManageEngine products; monitor for exploitation attempts against these products' web interfaces.
No detection rules found.
No public exploits indexed.
Checkpoint
9th January – Threat Intelligence Report
blogs_checkpoint·2023-01-09·CVSS 9.8
CVE-2022-41080 [CRITICAL] 9th January – Threat Intelligence Report
## 9th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th January, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
Check Point Research has published a report on APT-C-36, also known as Blind Eagle – a financially motivated threat group attacking citizens of various countries in South America since at least 2018. CPR has spotted a new campaign by this APT group targeting organizations and government entities in Ecuador with a new and adva
Tenable
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
blogs_tenable·2023-01-05·CVSS 9.8
[CRITICAL] CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
Wiz
CVE-2025-11669 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2025-11669 [CRITICAL] CVE-2025-11669 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-11669: Zoho ManageEngine Access Manager Plus vulnerability analysis and mitigation
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Source: NVD

- Score: 8.1
- Published: January 13, 2026
- Severity: HIGH
- CNA Score: 8.1
- Affected Technologies: Zoho ManageEngine Access Manager Plus, Zoho ManageEngine PAM360
- Has Public Exploit: No
- Has CISA KEV Exploit: No
- CISA KEV Release Date: N/A
- CISA KEV Due Date: N/A
- Exploitation Probability Percentile (EPSS): 0.9
- Exploitation Probability (EPSS): N/A
Affected packages and libraries
cpe:2.3:a:zohocorp:manageengine_access_manager_plus
cpe:2.3:a:zohocorp:manageengin
2023-01-05
Published