CVE-2023-2291
published 2023-04-26CVE-2023-2291: Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine…
PriorityP344high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.81%
52.2th percentile
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_access_manager_plus | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cisa7.8HIGH
vendor_redhat4.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q9gm-gx3j-8hmm: Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and Mana
ghsa_unreviewed·2023-04-26
CVE-2023-2291 [HIGH] CWE-798 GHSA-q9gm-gx3j-8hmm: Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and Mana
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
CISA
Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
cisa·2023-02-10·CVSS 7.8
CVE-2015-2291 [HIGH] CWE-20 Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
Vulnerability: Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability
Affected: Intel Ethernet Diagnostics Driver for Windows
Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html; https://nvd.nist.gov/vuln/detail/CVE-2015-2291
Remediation Due Date: 2023-03-03
No detection rules found.
No public exploits indexed.
2023-04-26
Published