Product:

Manageengine_password_manager_pro

(Zohocorp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 21
Date Id Summary Products Score Patch Annotated
2022-11-12 CVE-2022-43672 Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro 9.8
2022-11-12 CVE-2022-43671 Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro 9.8
2023-01-05 CVE-2022-47523 Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro 9.8
2023-08-11 CVE-2020-27449 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. Manageengine_password_manager_pro 6.1
2024-08-28 CVE-2024-5546 Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. Manageengine_pam360, Manageengine_password_manager_pro 8.8
2019-06-18 CVE-2019-12133 Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system start. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM. This affects Desktop Central 10.0.380, EventLog Analyzer 12.0.2, ServiceDesk Plus 10.0.0,... Manageengine_analytics_plus, Manageengine_browser_security_plus, Manageengine_desktop_central, Manageengine_eventlog_analyzer, Manageengine_firewall, Manageengine_key_manager_plus, Manageengine_mobile_device_manager_plus, Manageengine_netflow_analyzer, Manageengine_network_configuration_manager, Manageengine_o365_manager_plus, Manageengine_opmanager, Manageengine_oputils, Manageengine_password_manager_pro, Manageengine_patch_connect_plus, Manageengine_patch_manager_plus, Manageengine_servicedesk_plus, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus 7.8
2020-03-09 CVE-2016-1159 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. Manageengine_password_manager_pro N/A
2014-11-17 CVE-2014-8498 SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. Manageengine_password_manager_pro N/A
2014-12-05 CVE-2014-3997 SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. Manageengine_it360, Manageengine_password_manager_pro N/A
2017-12-15 CVE-2017-17698 Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. Manageengine_password_manager_pro 6.1