CVE-2021-31857

MEDIUM

Zoho ManageEngine Password Manager Pro <11.1.11104 - Info Disclosure

Title source: llm

Description

In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://www.manageengine.com

Release Notes, Vendor Advisory x_refsource_confirm

https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#pmp11104

Scores

CVSS v3 5.9

EPSS 0.0051

EPSS Percentile 66.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (2)

zohocorp/manageengine_password_manager_pro 11.1 (4 CPE variants)

zohocorp/manageengine_password_manager_pro < 11.1

Published Jun 16, 2021

Tracked Since Feb 18, 2026