Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

Published: Apr 26, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-2291
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-798

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_pam360	-	-
zohocorp / manageengine_access_manager_plus	4.3-build4309	4.3-build4309.x
zohocorp / manageengine_password_manager_pro	-	-

https://tenable.com/security/research/tra-2023-16

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo