Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Published: Jul 19, 2022
Updated: Nov 4, 2025
CVE: CVE-2022-35405
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_access_manager_plus	4.3-build4300	4.3-build4300.x
zohocorp / manageengine_access_manager_plus	4.3-build4301	4.3-build4301.x
zohocorp / manageengine_access_manager_plus	-	4.3
zohocorp / manageengine_access_manager_plus	4.3-build4302	4.3-build4302.x
zohocorp / manageengine_password_manager_pro	-	12.1
zohocorp / manageengine_password_manager_pro	12.1-build12100	12.1-build12100.x
zohocorp / manageengine_pam360	-	5.5
zohocorp / manageengine_pam360	5.5-build5500	5.5-build5500.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo