ManageEngine PAM360
by Zoho
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-35405 | 0.23 | — | 0.94 | KEV | Jul 19, 2022 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.) | ||
| CVE-2022-47523 | 0.04 | — | 0.46 | Jan 5, 2023 | Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | |||
| CVE-2022-43671 | 0.04 | — | 0.52 | Nov 12, 2022 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. | |||
| CVE-2024-27313 | 0.00 | — | 0.01 | May 29, 2024 | Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. |
- risk 0.23cvss —epss 0.94
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
- CVE-2022-47523Jan 5, 2023risk 0.04cvss —epss 0.46
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
- CVE-2022-43671Nov 12, 2022risk 0.04cvss —epss 0.52
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
- CVE-2024-27313May 29, 2024risk 0.00cvss —epss 0.01
Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.