← Retour aux CVEs
CVE-2022-35405
CRITICALCISA KEV9.8
Description
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie7/19/2022
Derniere modification10/31/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurZoho
ProduitManageEngine
Nom vulnerabiliteZoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Date ajout KEV2022-09-22
Date limite remediation2022-10-13
Utilise dans ransomwareUnknown
Produits affectes
zohocorp:manageengine_access_manager_pluszohocorp:manageengine_pam360zohocorp:manageengine_password_manager_pro
Faiblesses (CWE)
CWE-502CWE-502
References
http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html(cve@mitre.org)
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html(cve@mitre.org)
http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-35405(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.