Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
References
Link | Resource |
---|---|
https://tenable.com/security/research/tra-2023-16 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-04-26 21:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-2291
Mitre link : CVE-2023-2291
CVE.ORG link : CVE-2023-2291
JSON object : View
Products Affected
zohocorp
- manageengine_pam360
- manageengine_access_manager_plus
- manageengine_password_manager_pro
CWE