CVE-2022-35405
CRITICAL · KEV · NUCLEI
Zohocorp Manageengine Access Manager Plus - Insecure Deserialization
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Exploits (2)
nomisec
WORKING POC
29 stars
by viniciuspereiras · remote
https://github.com/viniciuspereiras/CVE-2022-35405
metasploit
WORKING POC
EXCELLENT
by Vinicius, Y4er, Grant Willcox · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb
Nuclei Templates (1)
Zoho ManageEngine - Remote Code Execution
CRITICAL · by viniciuspereiras, true13
Shodan:
http.title:"ManageEngine" || http.title:"manageengine"
FOFA:
title="manageengine"
References (3)
Scores
CVSS v3
9.8
EPSS
0.9431
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2022-09-22
VulnCheck KEV
2022-09-22
InTheWild.io
2022-09-22
ENISA EUVD
EUVD-2022-38295
Classification
CWE
CWE-502
Status
published
Affected Products (8)
zohocorp/manageengine_access_manager_plus
< 4.3
zohocorp/manageengine_access_manager_plus
zohocorp/manageengine_access_manager_plus
zohocorp/manageengine_access_manager_plus
zohocorp/manageengine_pam360
< 5.5
zohocorp/manageengine_pam360
zohocorp/manageengine_password_manager_pro
< 12.1
zohocorp/manageengine_password_manager_pro
Timeline
Published
Jul 19, 2022
KEV Added
Sep 22, 2022
Tracked Since
Feb 18, 2026