Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
References
Link | Resource |
---|---|
https://tenable.com/security/research/tra-2023-16 | Exploit Third Party Advisory |
https://tenable.com/security/research/tra-2023-16 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://tenable.com/security/research/tra-2023-16 - Exploit, Third Party Advisory |
Information
Published : 2023-04-26 21:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2291
Mitre link : CVE-2023-2291
CVE.ORG link : CVE-2023-2291
JSON object : View
Products Affected
zohocorp
- manageengine_password_manager_pro
- manageengine_pam360
- manageengine_access_manager_plus
CWE