Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html | Exploit Third Party Advisory VDB Entry |
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 |
Information
Published : 2022-07-19 15:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-35405
Mitre link : CVE-2022-35405
CVE.ORG link : CVE-2022-35405
JSON object : View
Products Affected
zohocorp
- manageengine_pam360
- manageengine_access_manager_plus
- manageengine_password_manager_pro
CWE
CWE-502
Deserialization of Untrusted Data