High severity7.8NVD Advisory· Published Apr 26, 2023· Updated Jun 17, 2026
CVE-2023-2291
CVE-2023-2291
Description
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- ManageEngine/Access Manager Plusdescription
- Range: = 4309
Patches
Vulnerability mechanics
References
1- tenable.com/security/research/tra-2023-16nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.