CVE-2024-5546

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

1.2%

top 20.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Manageengine Pam360 Manageengine Password Manager PRO Zohocorp Manageengine Pam360 +1 more

Timeline

PublishedAug 28

Description

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 2.8 | Impact: 5.5

Affected Packages4 packages

▶NVDzohocorp/manageengine_password_manager_pro46 versions+45

▶CVEListV5manageengine/password_manager_pro< 12431

▶NVDzohocorp/manageengine_pam36021 versions+20

▶CVEListV5manageengine/pam360< 7001

🔴Vulnerability Details

GHSA

GHSA-9hmf-r3fq-947x: Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Inject↗2024-08-28

▶

CVEList

SQL Injection↗2024-08-28

▶