← Zuruck zu CVEs
CVE-2022-40300
CRITICAL9.8
Beschreibung
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht9/16/2022
Zuletzt geandert11/6/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
zohocorp:manageengine_access_manager_pluszohocorp:manageengine_pam360zohocorp:manageengine_password_manager_pro
Schwachen (CWE)
CWE-89
Referenzen
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html(cve@mitre.org)
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.