CVE-2023-2291

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

Published: Apr 26, 2023
Updated: May 6, 2023
CVE: CVE-2023-2291
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_pam360	-	-
zohocorp / manageengine_access_manager_plus	4.3-build4309	4.3-build4309.x
zohocorp / manageengine_password_manager_pro	-	-

https://tenable.com/security/research/tra-2023-16

Vulnerability Database

289,697

CVE-2023-2291