CVE-2022-47523

CRITICAL

Zohocorp Manageengine Password Manager Pro < 12.2 - XSS

Title source: rule

Description

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

References (1)

[Patch, Vendor Advisory] https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html

Scores

CVSS v3 9.8

EPSS 0.4555

EPSS Percentile 97.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-79 CWE-89

Status published

Affected Products (14)

zohocorp/manageengine_password_manager_pro < 12.2

zohocorp/manageengine_password_manager_pro

zohocorp/manageengine_pam360 < 5.8

zohocorp/manageengine_pam360

zohocorp/manageengine_access_manager_plus < 4.3

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

zohocorp/manageengine_access_manager_plus

Timeline

Published Jan 05, 2023

Tracked Since Feb 18, 2026