VYPR

ManageEngine PAM360

by Zoho

CVEs (12)

  • CVE-2022-35405CriKEVJul 19, 2022
    risk 0.87cvss 9.8epss 1.00

    Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

  • CVE-2022-40300CriSep 16, 2022
    risk 0.72cvss 9.8epss 0.99

    Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

  • CVE-2022-43672CriNov 12, 2022
    risk 0.69cvss 9.8epss 0.67

    Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

  • CVE-2020-24786CriAug 31, 2020
    risk 0.65cvss 9.8epss 0.13

    An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…

  • CVE-2021-44525CriDec 20, 2021
    risk 0.64cvss 9.8epss 0.03

    Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

  • CVE-2021-40177CriAug 29, 2021
    risk 0.64cvss 9.8epss 0.05

    Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.

  • CVE-2021-40175CriAug 29, 2021
    risk 0.64cvss 9.8epss 0.07

    Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.

  • CVE-2021-40174HigAug 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.

  • CVE-2021-40172HigAug 29, 2021
    risk 0.57cvss 8.8epss 0.01

    Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.

  • CVE-2024-27313MedMay 29, 2024
    risk 0.41cvss 6.3epss 0.01

    Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.

  • CVE-2021-40178MedAug 29, 2021
    risk 0.40cvss 6.1epss 0.01

    Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.

  • CVE-2021-40176MedAug 29, 2021
    risk 0.40cvss 6.1epss 0.01

    Zoho ManageEngine Log360 before Build 5225 allows stored XSS.