8.1
CVE-2025-11669
- EPSS 0.72%
- Veröffentlicht 13.01.2026 14:16:37
- Zuletzt bearbeitet 02.02.2026 15:42:06
- Quelle 0fc0942c-577d-436f-ae8e-945763
- CVE-Watchlists
- Unerledigt
Broken Access Control
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zohocorp ≫ Manageengine Pam360 Version < 8.2
Zohocorp ≫ Manageengine Pam360 Version8.2 Updatebuild8200
Zohocorp ≫ Manageengine Pam360 Version8.2 Updatebuild8201
Zohocorp ≫ Manageengine Access Manager Plus Version < 4.4
Zohocorp ≫ Manageengine Access Manager Plus Version4.4 Updatebuild4400
Zohocorp ≫ Manageengine Password Manager Pro SwEdition- Version < 13.2
Zohocorp ≫ Manageengine Password Manager Pro Version13.2 Updatebuild13200 SwEdition-
Zohocorp ≫ Manageengine Password Manager Pro Version13.2 Updatebuild13210 SwEdition-
Zohocorp ≫ Manageengine Password Manager Pro Version13.2 Updatebuild13220 SwEdition-
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.491 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 0fc0942c-577d-436f-ae8e-945763c79b02 | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html