Vulnerability Description
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zohocorp | Manageengine Access Manager Plus | < 4.3 |
| Zohocorp | Manageengine Pam360 | < 5.5 |
| Zohocorp | Manageengine Password Manager Pro | < 12.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Ja (Exploit, Third Party Advisory, VDB Entry)
- https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405 (Patch, Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022- (US Government Resource)
FAQ
What is CVE-2022-35405?
CVE-2022-35405 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with...
How severe is CVE-2022-35405?
CVE-2022-35405 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-35405?
Check the references section above for vendor advisories and patch information. Affected products include: Zohocorp Manageengine Access Manager Plus, Zohocorp Manageengine Pam360, Zohocorp Manageengine Password Manager Pro.