Latest zohocorp manageengine password manager pro Vulnerabilities

CVE-2023-6105
ManageEngine Information Disclosure in Multiple Products
Zoho ManageEngine<5.3
Zohocorp Manageengine Appcreator<2.0.0
Zohocorp Manageengine Application Control Plus<11.2.2328.01
Zohocorp Manageengine Browser Security Plus<11.2.2328.01
Zoho ManageEngine<11.2.2328.01
Zohocorp Manageengine Endpoint Central<11.2.2322.01
and 782 more
CVE-2020-27449
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafte...
Zohocorp Manageengine Password Manager Pro=11.1-build_11101
CVE-2023-2291
Zohocorp Manageengine Access Manager Plus=4.3-build4309
Zohocorp Manageengine Pam360
Zohocorp Manageengine Password Manager Pro
CVE-2022-47966
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 153 more
CVE-2022-47523
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
Zohocorp Manageengine Password Manager Pro<12.2
Zohocorp Manageengine Password Manager Pro=12.2-build12200
Zohocorp Manageengine Pam360<5.8
Zohocorp Manageengine Pam360=5.8-build5800
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
and 8 more
CVE-2022-43671
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 10 more
CVE-2022-43672
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Access Manager Plus=4.3-build4303
Zohocorp Manageengine Access Manager Plus=4.3-build4304
and 10 more
CVE-2022-40300
Zohocorp Manageengine Access Manager Plus=4.0-build4000
Zohocorp Manageengine Access Manager Plus=4.1-build4100
Zohocorp Manageengine Access Manager Plus=4.1-build4101
Zohocorp Manageengine Access Manager Plus=4.2-build4200
Zohocorp Manageengine Access Manager Plus=4.2-build4201
Zohocorp Manageengine Access Manager Plus=4.2-build4202
and 309 more
CVE-2022-35405
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Zohocorp Manageengine Access Manager Plus<4.3
Zohocorp Manageengine Access Manager Plus=4.3-build4300
Zohocorp Manageengine Access Manager Plus=4.3-build4301
Zohocorp Manageengine Access Manager Plus=4.3-build4302
Zohocorp Manageengine Pam360<5.5
Zohocorp Manageengine Pam360=5.5-build5500
and 3 more
CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction....
Zohocorp Manageengine Access Manager Plus=4.0-build4000
Zohocorp Manageengine Access Manager Plus=4.1-build4100
Zohocorp Manageengine Access Manager Plus=4.1-build4101
Zohocorp Manageengine Access Manager Plus=4.2-build4200
Zohocorp Manageengine Access Manager Plus=4.2-build4201
Zohocorp Manageengine Access Manager Plus=4.2-build4202
and 44 more
CVE-2021-33617
Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is...
Zohocorp Manageengine Password Manager Pro<11.2
Zohocorp Manageengine Password Manager Pro=11.2
CVE-2021-31857
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.
Zohocorp Manageengine Password Manager Pro<11.1
Zohocorp Manageengine Password Manager Pro=11.1
Zohocorp Manageengine Password Manager Pro=11.1-build_11101
Zohocorp Manageengine Password Manager Pro=11.1-build_11102
Zohocorp Manageengine Password Manager Pro=11.1-build_11103
CVE-2020-9347
** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor...
Zohocorp Manageengine Password Manager Pro=10.0
Zohocorp Manageengine Password Manager Pro=10.0-build10001
Zohocorp Manageengine Password Manager Pro=10.1-build10100
Zohocorp Manageengine Password Manager Pro=10.1-build10101
Zohocorp Manageengine Password Manager Pro=10.1-build10102
Zohocorp Manageengine Password Manager Pro=10.1-build10103
and 24 more
CVE-2020-9346
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
Zohocorp Manageengine Password Manager Pro<10.4
Zohocorp Manageengine Password Manager Pro=10.4
Zohocorp Manageengine Password Manager Pro=10.4-build10400
Zohocorp Manageengine Password Manager Pro=10.4-build10401
Zohocorp Manageengine Password Manager Pro=10.4-build10402
CVE-2016-1159
In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service.
Zohocorp Manageengine Password Manager Pro=8.3-build8303
Zohocorp Manageengine Password Manager Pro=8.4-build8400
Zohocorp Manageengine Password Manager Pro=8.4-build8401
Zohocorp Manageengine Password Manager Pro=8.4-build8402
CVE-2019-12133
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associat...
Zoho ManageEngine=1.0
Zohocorp Manageengine Browser Security Plus
Zohocorp Manageengine Desktop Central=10.0.380
Zohocorp Manageengine Eventlog Analyzer=12.0.2
Zohocorp Manageengine Firewall=12.0
Zohocorp Manageengine Key Manager Plus=5.6
and 12 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203