CVE-2022-43672

CRITICAL

Zoho ManageEngine <12122, PAM360 <5711, Access Manager Plus <4306 -...

Title source: llm

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

References (1)

Core 1

Core References

Vendor Advisory

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html

Scores

CVSS v3 9.8

EPSS 0.4331

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (6)

zohocorp/manageengine_access_manager_plus 4.3 build4300 (6 CPE variants)

zohocorp/manageengine_access_manager_plus < 4.3

zohocorp/manageengine_pam360 5.7 build5700 (2 CPE variants)

zohocorp/manageengine_pam360 < 5.7

zohocorp/manageengine_password_manager_pro 12.1 build12100 (5 CPE variants)

zohocorp/manageengine_password_manager_pro < 12.1

Published Nov 12, 2022

Tracked Since Feb 18, 2026