CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Published: Jul 19, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-35405
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_access_manager_plus	4.3-build4300	4.3-build4300.x
zohocorp / manageengine_access_manager_plus	4.3-build4301	4.3-build4301.x
zohocorp / manageengine_access_manager_plus	-	4.3
zohocorp / manageengine_access_manager_plus	4.3-build4302	4.3-build4302.x
zohocorp / manageengine_password_manager_pro	-	12.1
zohocorp / manageengine_password_manager_pro	12.1-build12100	12.1-build12100.x
zohocorp / manageengine_pam360	-	5.5
zohocorp / manageengine_pam360	5.5-build5500	5.5-build5500.x

Vulnerability Database

289,784

CVE-2022-35405