Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html | Exploit Third Party Advisory VDB Entry |
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html | Patch Vendor Advisory |
http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html | Exploit Third Party Advisory VDB Entry |
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html - Patch, Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 |
Information
Published : 2022-07-19 15:15
Updated : 2024-11-21 07:11
NVD link : CVE-2022-35405
Mitre link : CVE-2022-35405
CVE.ORG link : CVE-2022-35405
JSON object : View
Products Affected
zohocorp
- manageengine_password_manager_pro
- manageengine_pam360
- manageengine_access_manager_plus
CWE
CWE-502
Deserialization of Untrusted Data