VYPR

ManageEngine Password Manager Pro

by Zohocorp

CVEs (17)

  • CVE-2026-5785 | High | Apr 16, 2026
    risk 0.53 | cvss 8.1 | epss 0.01

    Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to authenticated SQL injection in the query report module.

  • CVE-2016-1161 | High | Apr 20, 2017
    risk 0.52 | cvss 8.0 | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).

  • CVE-2017-17698 | Medium | Dec 15, 2017
    risk 0.40 | cvss 6.1 | epss 0.02

    Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.

  • CVE-2022-35405 | KEV | Jul 19, 2022
    risk 0.23 | cvss | epss 1.00

    Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

  • CVE-2022-29081 | Apr 28, 2022
    risk 0.07 | cvss | epss 0.83

    Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via…

  • CVE-2022-47523 | Jan 5, 2023
    risk 0.04 | cvss | epss 0.71

    Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

  • CVE-2022-43671 | Nov 12, 2022
    risk 0.04 | cvss | epss 0.75

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.

  • CVE-2014-3997 | Dec 5, 2014
    risk 0.04 | cvss | epss 0.09

    SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and…

  • CVE-2014-8498 | Nov 17, 2014
    risk 0.04 | cvss | epss 0.13

    SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL…

  • CVE-2025-11669 | Jan 13, 2026
    risk 0.00 | cvss | epss 0.01

    Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.

  • CVE-2024-5546 | Aug 28, 2024
    risk 0.00 | cvss | epss 0.03

    Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by an authenticated SQL injection vulnerability via a global search option.

  • CVE-2020-27449 | Aug 11, 2023
    risk 0.00 | cvss | epss 0.03

    Cross-site scripting (XSS) vulnerability in the Query Report feature in Zoho ManageEngine Password Manager Pro version 11001 allows remote attackers to execute arbitrary code and steal cookies via a crafted JavaScript payload.

  • CVE-2021-33617 | Jul 31, 2021
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid.

  • CVE-2020-9347 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.08

    Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be…

  • CVE-2020-9346 | Mar 16, 2020
    risk 0.00 | cvss | epss 0.02

    Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.

  • CVE-2016-1159 | Mar 9, 2020
    risk 0.00 | cvss | epss 0.03

    In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.

  • CVE-2015-5459 | Jul 8, 2015
    risk 0.00 | cvss | epss 0.03

    SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to…