What is CVE-2022-43672?

CVE-2022-43672 is a vulnerability that allows SQL Injection in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus.

What is the severity of CVE-2022-43672?

CVE-2022-43672 has a severity rating of 9.8 out of 10, which is classified as critical.

How does CVE-2022-43672 affect Zoho ManageEngine Password Manager Pro?

CVE-2022-43672 affects Zoho ManageEngine Password Manager Pro versions before 12.1. It allows SQL Injection in the software.

How does CVE-2022-43672 affect PAM360?

CVE-2022-43672 affects PAM360 versions before 5.7. It allows SQL Injection in the software.

How does CVE-2022-43672 affect Access Manager Plus?

CVE-2022-43672 affects Access Manager Plus versions before 4.3. It allows SQL Injection in the software.

How can I fix CVE-2022-43672 in Zoho ManageEngine Password Manager Pro?

To fix CVE-2022-43672 in Zoho ManageEngine Password Manager Pro, you should upgrade to version 12.1 or later.

How can I fix CVE-2022-43672 in PAM360?

To fix CVE-2022-43672 in PAM360, you should upgrade to version 5.7 or later.

How can I fix CVE-2022-43672 in Access Manager Plus?

To fix CVE-2022-43672 in Access Manager Plus, you should upgrade to version 4.3 or later.

Vulnerability/
CVE-2022-43672

critical

9.8

CWE

12/11/2022

21/11/2024

CVE-2022-43672: SQL Injection

First published: Sat Nov 12 2022(Updated: )

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zohocorp Manageengine Access Manager Plus	<4.3
Zohocorp Manageengine Access Manager Plus	=4.3-build4300
Zohocorp Manageengine Access Manager Plus	=4.3-build4301
Zohocorp Manageengine Access Manager Plus	=4.3-build4302
Zohocorp Manageengine Access Manager Plus	=4.3-build4303
Zohocorp Manageengine Access Manager Plus	=4.3-build4304
Zohocorp Manageengine Access Manager Plus	=4.3-build4305
Zohocorp ManageEngine PAM360	<5.7
Zohocorp ManageEngine PAM360	=5.7-build5700
Zohocorp ManageEngine PAM360	=5.7-build5710
Zohocorp Manageengine Password Manager Pro	<12.1
Zohocorp Manageengine Password Manager Pro	=12.1-build12100
Zohocorp Manageengine Password Manager Pro	=12.1-build12101
Zohocorp Manageengine Password Manager Pro	=12.1-build12110
Zohocorp Manageengine Password Manager Pro	=12.1-build12120
Zohocorp Manageengine Password Manager Pro	=12.1-build12121
	<4.3
	=4.3-build4300
	=4.3-build4301
	=4.3-build4302
	=4.3-build4303
	=4.3-build4304
	=4.3-build4305
	<5.7
	=5.7-build5700
	=5.7-build5710
	<12.1
	=12.1-build12100
	=12.1-build12101
	=12.1-build12110
	=12.1-build12120
	=12.1-build12121

Never miss a vulnerability like this again

Reference Links

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html

Frequently Asked Questions

What is CVE-2022-43672?
CVE-2022-43672 is a vulnerability that allows SQL Injection in Zoho ManageEngine Password Manager Pro, PAM360, and Access Manager Plus.
What is the severity of CVE-2022-43672?
CVE-2022-43672 has a severity rating of 9.8 out of 10, which is classified as critical.
How does CVE-2022-43672 affect Zoho ManageEngine Password Manager Pro?
CVE-2022-43672 affects Zoho ManageEngine Password Manager Pro versions before 12.1. It allows SQL Injection in the software.
How does CVE-2022-43672 affect PAM360?
CVE-2022-43672 affects PAM360 versions before 5.7. It allows SQL Injection in the software.
How does CVE-2022-43672 affect Access Manager Plus?
CVE-2022-43672 affects Access Manager Plus versions before 4.3. It allows SQL Injection in the software.
How can I fix CVE-2022-43672 in Zoho ManageEngine Password Manager Pro?
To fix CVE-2022-43672 in Zoho ManageEngine Password Manager Pro, you should upgrade to version 12.1 or later.
How can I fix CVE-2022-43672 in PAM360?
To fix CVE-2022-43672 in PAM360, you should upgrade to version 5.7 or later.
How can I fix CVE-2022-43672 in Access Manager Plus?
To fix CVE-2022-43672 in Access Manager Plus, you should upgrade to version 4.3 or later.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
vendor/zohocorp
canonical/zohocorp manageengine access manager plus
version/zohocorp manageengine access manager plus/4.3-build4300
version/zohocorp manageengine access manager plus/4.3-build4301
version/zohocorp manageengine access manager plus/4.3-build4302
version/zohocorp manageengine access manager plus/4.3-build4303
version/zohocorp manageengine access manager plus/4.3-build4304
version/zohocorp manageengine access manager plus/4.3-build4305
canonical/zohocorp manageengine pam360
version/zohocorp manageengine pam360/5.7-build5700
version/zohocorp manageengine pam360/5.7-build5710
canonical/zohocorp manageengine password manager pro
version/zohocorp manageengine password manager pro/12.1-build12100
version/zohocorp manageengine password manager pro/12.1-build12101
version/zohocorp manageengine password manager pro/12.1-build12110
version/zohocorp manageengine password manager pro/12.1-build12120
version/zohocorp manageengine password manager pro/12.1-build12121