Vulnerability Database

296,760

Total vulnerabilities in the database

CVE-2022-43672

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

Published: Nov 12, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-43672
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_access_manager_plus	4.3-build4300	4.3-build4300.x
zohocorp / manageengine_access_manager_plus	4.3-build4301	4.3-build4301.x
zohocorp / manageengine_access_manager_plus	-	4.3
zohocorp / manageengine_access_manager_plus	4.3-build4302	4.3-build4302.x
zohocorp / manageengine_password_manager_pro	-	12.1
zohocorp / manageengine_password_manager_pro	12.1-build12100	12.1-build12100.x
zohocorp / manageengine_access_manager_plus	4.3-build4303	4.3-build4303.x
zohocorp / manageengine_access_manager_plus	4.3-build4304	4.3-build4304.x
zohocorp / manageengine_password_manager_pro	12.1-build12110	12.1-build12110.x
zohocorp / manageengine_password_manager_pro	12.1-build12120	12.1-build12120.x
zohocorp / manageengine_password_manager_pro	12.1-build12101	12.1-build12101.x
zohocorp / manageengine_access_manager_plus	4.3-build4305	4.3-build4305.x
zohocorp / manageengine_pam360	5.7-build5710	5.7-build5710.x
zohocorp / manageengine_pam360	5.7-build5700	5.7-build5700.x
zohocorp / manageengine_pam360	-	5.7
zohocorp / manageengine_password_manager_pro	12.1-build12121	12.1-build12121.x

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime