CVE-2022-35405
- CVSS base score 9.8
- EPSS 94.42%
- Published 19.07.2022 15:15:08
- Last modified 27.03.2025 13:59:59
- Source cve@mitre.org
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Data is provided by the National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Access Manager Plus Version < 4.3
Zohocorp ≫ Manageengine Access Manager Plus Version 4.3 Update build4300
Zohocorp ≫ Manageengine Access Manager Plus Version 4.3 Update build4301
Zohocorp ≫ Manageengine Access Manager Plus Version 4.3 Update build4302
Zohocorp ≫ Manageengine Pam360 Version < 5.5
Zohocorp ≫ Manageengine Pam360 Version 5.5 Update build5500
Zohocorp ≫ Manageengine Password Manager Pro Version < 12.1
Zohocorp ≫ Manageengine Password Manager Pro Version 12.1 Update build12100
22.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
- Description: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
- Required actions: Apply updates per vendor instructions.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 94.42% | 1 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.