ManageEngine PAM360
by Zoho
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-35405 | Cri | 0.87 | 9.8 | 1.00 | KEV | Jul 19, 2022 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | |
| CVE-2022-40300 | Cri | 0.72 | 9.8 | 0.99 | Sep 16, 2022 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | ||
| CVE-2022-43672 | Cri | 0.69 | 9.8 | 0.67 | Nov 12, 2022 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. | ||
| CVE-2020-24786 | Cri | 0.65 | 9.8 | 0.13 | Aug 31, 2020 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer… | ||
| CVE-2021-44525 | Cri | 0.64 | 9.8 | 0.03 | Dec 20, 2021 | Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | ||
| CVE-2021-40177 | Cri | 0.64 | 9.8 | 0.05 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | ||
| CVE-2021-40175 | Cri | 0.64 | 9.8 | 0.07 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | ||
| CVE-2021-40174 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | ||
| CVE-2021-40172 | Hig | 0.57 | 8.8 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | ||
| CVE-2024-27313 | Med | 0.41 | 6.3 | 0.01 | May 29, 2024 | Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. | ||
| CVE-2021-40178 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | ||
| CVE-2021-40176 | Med | 0.40 | 6.1 | 0.01 | Aug 29, 2021 | Zoho ManageEngine Log360 before Build 5225 allows stored XSS. |
- risk 0.87cvss 9.8epss 1.00
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
- risk 0.72cvss 9.8epss 0.99
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
- risk 0.69cvss 9.8epss 0.67
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
- risk 0.65cvss 9.8epss 0.13
An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer…
- risk 0.64cvss 9.8epss 0.03
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
- risk 0.64cvss 9.8epss 0.05
Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.
- risk 0.64cvss 9.8epss 0.07
Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings.
- risk 0.57cvss 8.8epss 0.01
Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.
- risk 0.41cvss 6.3epss 0.01
Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.
- risk 0.40cvss 6.1epss 0.01
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
- risk 0.40cvss 6.1epss 0.01
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.