CVE-2022-47523

CRITICAL

Zoho ManageEngine Access Manager Plus, Password Manager Pro, and PAM360 - SQL Injection

Description

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

Scores

CVSS v3 9.8
EPSS 0.4555
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-79 CWE-89
Status published
Products (6)
zohocorp/manageengine_access_manager_plus 4.3 build4300 (9 CPE variants)
zohocorp/manageengine_access_manager_plus < 4.3
zohocorp/manageengine_pam360 5.8 build5800
zohocorp/manageengine_pam360 < 5.8
zohocorp/manageengine_password_manager_pro 12.2 build12200
zohocorp/manageengine_password_manager_pro < 12.2
Published Jan 05, 2023
Tracked Since Feb 18, 2026