CVE-2022-40300
CRITICAL
ManageEngine Password Manager Pro, PAM360 and Access Manager Plus - SQL Injection
Title source: llm
Description
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
References (1)
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html
Scores
CVSS v3
9.8
EPSS
0.3825
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (16)
zohocorp/manageengine_access_manager_plus
4.0 build4000
zohocorp/manageengine_access_manager_plus
4.1 build4100 (2 CPE variants)
zohocorp/manageengine_access_manager_plus
4.2 build4200 (4 CPE variants)
zohocorp/manageengine_access_manager_plus
4.3 build4300 (5 CPE variants)
zohocorp/manageengine_pam360
4.0 (3 CPE variants)
zohocorp/manageengine_pam360
4.1 (3 CPE variants)
zohocorp/manageengine_pam360
4.5 (3 CPE variants)
zohocorp/manageengine_pam360
5.0 (6 CPE variants)
zohocorp/manageengine_pam360
5.1 (2 CPE variants)
zohocorp/manageengine_pam360
5.2 (2 CPE variants)
... and 6 more
Published
Sep 16, 2022
Tracked Since
Feb 18, 2026