CVE-2022-35405

CRITICAL KEV NUCLEI

Zohocorp Manageengine Access Manager Plus - Insecure Deserialization

Title source: rule

Description

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Exploits (2)

nomisec WORKING POC 29 stars

by viniciuspereiras · remote

https://github.com/viniciuspereiras/CVE-2022-35405

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Vinicius, Y4er, Grant Willcox · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/zoho_password_manager_pro_xml_rpc_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Zoho ManageEngine - Remote Code Execution

CRITICALby viniciuspereiras,true13

Shodan: http.title:"ManageEngine" || http.title:"manageengine"

FOFA: title="manageengine"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html

[Patch, Vendor Advisory] https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-35405

Scores

CVSS v3 9.8

EPSS 0.9421

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-09-22

VulnCheck KEV 2022-09-22

InTheWild.io 2022-09-22

ENISA EUVD EUVD-2022-38295

CWE

CWE-502

Status published

Products (6)

zohocorp/manageengine_access_manager_plus 4.3 build4300 (3 CPE variants)

zohocorp/manageengine_access_manager_plus < 4.3

zohocorp/manageengine_pam360 5.5 build5500

zohocorp/manageengine_pam360 < 5.5

zohocorp/manageengine_password_manager_pro 12.1 build12100

zohocorp/manageengine_password_manager_pro < 12.1

Published Jul 19, 2022

KEV Added Sep 22, 2022

Tracked Since Feb 18, 2026