CVE-2022-40300
- EPSS 38.25%
- Veröffentlicht 16.09.2022 23:15:11
- Zuletzt bearbeitet 06.11.2025 22:24:35
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
CVE-2022-35405
- EPSS 94.31%
- Veröffentlicht 19.07.2022 15:15:08
- Zuletzt bearbeitet 31.10.2025 14:39:58
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
CVE-2022-29081
- EPSS 81.76%
- Veröffentlicht 28.04.2022 20:15:08
- Zuletzt bearbeitet 06.11.2025 22:24:29
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. Fetc...
CVE-2021-44525
- EPSS 0.57%
- Veröffentlicht 20.12.2021 16:15:11
- Zuletzt bearbeitet 21.11.2024 06:31:09
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.