QID 377607

Date Published: 2022-09-26

QID 377607: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus Remote Code Execution (RCE) Vulnerability

ManageEngine offers enterprise IT management software for your service management, operations management, Active Directory and security needs.

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Affected Versions:

  • Access Manager Plus prior to build 4302
  • Password Manager Pro prior to build 12100
  • PAM360 prior to build 5500

QID Detection Logic:
Authenticated: This QID checks the file modified date to determine whether the latest build is installed.

This remote code execution vulnerability could allow remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and Access Manager Plus.

  • CVSS V3 rated as Critical - 9.8 severity.
  • CVSS V2 rated as Critical - 10 severity.

Solution

This remote code execution vulnerability could allow remote attackers to execute arbitrary code on affected installations of Password Manager Pro, PAM360 and Access Manager Plus

CVEs related to QID 377607

Software Advisories
Advisory ID Software Component Link
cve-2022-35405 www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html