Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Manageengine_pam360
(Zohocorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-16 | CVE-2022-40300 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro | 9.8 | ||
| 2022-04-28 | CVE-2022-29081 | Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring. | Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro | 9.8 | ||
| 2021-12-20 | CVE-2021-44525 | Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | Manageengine_pam360 | 9.8 |