CVE-2022-43672

CRITICAL

Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...

Title source: llm

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

References (1)

[Vendor Advisory] https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html

Scores

CVSS v3 9.8

EPSS 0.4558

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (16)

zohocorp/manageengine_access_manager_plus < 4.3

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_pam360 < 5.7

zohocorp/manageengine_pam360

zohocorp/manageengine_pam360

zohocorp/manageengine_password_manager_pro < 12.1

zohocorp/manageengine_password_manager_pro

zohocorp/manageengine_password_manager_pro

zohocorp/manageengine_password_manager_pro

zohocorp/manageengine_password_manager_pro

... and 1 more

Timeline

Published Nov 12, 2022

Tracked Since Feb 18, 2026