CVE-2022-47523

Summary

CVE	CVE-2022-47523
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-01-05 08:15:00 UTC
Updated	2023-01-11 18:01:00 UTC
Description	Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.

Risk And Classification

Problem Types: CWE-89

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Access Manager Plus	All	All	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4300	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4301	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4302	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4303	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4304	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4305	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4306	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4307	All	All
Application	Zohocorp	Manageengine Access Manager Plus	4.3	build4308	All	All
Application	Zohocorp	Manageengine Pam360	All	All	All	All
Application	Zohocorp	Manageengine Pam360	5.8	build5800	All	All
Application	Zohocorp	Manageengine Password Manager Pro	All	All	All	All
Application	Zohocorp	Manageengine Password Manager Pro	12.2	build12200	All	All

References

Reference	Source	Link	Tags
SQL Injection Vulnerability - CVE-2022-47523 - ManageEngine Access Manager Plus	MISC	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

377868 Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus SQL Injection Vulnerability