Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zohocorp manageengine pam360 5.1 vulnerabilities and exploits

(subscribe to this query)
668
VMScore
CVE-2021-44525
Zoho ManageEngine PAM360 before build 5303 allows malicious users to modify a few aspects of application state because of a filter bypass in which authentication is not required.
Zohocorp Manageengine Pam360 5.3Zohocorp Manageengine Pam360 5.2Zohocorp Manageengine Pam360 5.1Zohocorp Manageengine Pam360 5.0Zohocorp Manageengine Pam360 4.5Zohocorp Manageengine Pam360 4.1Zohocorp Manageengine Pam360 4.0
668
VMScore
CVE-2022-29081
Zoho ManageEngine Access Manager Plus prior to 4302, Password Manager Pro prior to 12007, and PAM360 prior to 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize...
Zohocorp Manageengine Password Manager Pro 10.4Zohocorp Manageengine Password Manager Pro 10.3Zohocorp Manageengine Password Manager Pro 10.2Zohocorp Manageengine Password Manager Pro 10.1Zohocorp Manageengine Password Manager Pro 11.1Zohocorp Manageengine Access Manager Plus 4.2Zohocorp Manageengine Pam360 5.3Zohocorp Manageengine Pam360 5.2Zohocorp Manageengine Pam360 5.1Zohocorp Manageengine Pam360 5.0Zohocorp Manageengine Pam360 4.5Zohocorp Manageengine Pam360 4.1Zohocorp Manageengine Pam360 4.0Zohocorp Manageengine Access Manager Plus 4.1Zohocorp Manageengine Pam360 5.4Zohocorp Manageengine Password Manager Pro 12.0Zohocorp Manageengine Password Manager Pro 11.3Zohocorp Manageengine Password Manager Pro 11.2Zohocorp Manageengine Access Manager Plus 4.3Zohocorp Manageengine Access Manager Plus 4.0
NA
CVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 prior to 12121, PAM360 through 5550 prior to 5600, and Access Manager Plus through 4304 prior to 4305 have multiple SQL injection vulnerabilities.
Zohocorp Manageengine Password Manager Pro 5.4Zohocorp Manageengine Password Manager Pro 6.3Zohocorp Manageengine Password Manager Pro 5.3Zohocorp Manageengine Password Manager Pro 6.4Zohocorp Manageengine Password Manager Pro 6.9Zohocorp Manageengine Password Manager Pro 6.0Zohocorp Manageengine Password Manager Pro 6.2Zohocorp Manageengine Password Manager Pro 6.5Zohocorp Manageengine Password Manager Pro 5.0Zohocorp Manageengine Password Manager Pro 5.1Zohocorp Manageengine Password Manager Pro 5.2Zohocorp Manageengine Password Manager Pro 6.1Zohocorp Manageengine Password Manager Pro 6.6Zohocorp Manageengine Password Manager Pro 6.7Zohocorp Manageengine Password Manager Pro 6.8Zohocorp Manageengine Password Manager Pro 7.0Zohocorp Manageengine Access Manager Plus 4.1Zohocorp Manageengine Access Manager Plus 4.2Zohocorp Manageengine Password Manager Pro 10.0Zohocorp Manageengine Password Manager Pro 10.1Zohocorp Manageengine Password Manager Pro 10.2Zohocorp Manageengine Password Manager Pro 10.3
NA
CVE-2022-47966
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsib...
Zohocorp Manageengine Access Manager Plus 4.3Zohocorp Manageengine Access Manager PlusZohocorp Manageengine Ad360Zohocorp Manageengine Ad360 4.3Zohocorp Manageengine Adaudit Plus 7.0Zohocorp Manageengine Adaudit PlusZohocorp Manageengine Admanager Plus 7.1Zohocorp Manageengine Admanager PlusZohocorp Manageengine Adselfservice Plus 6.2Zohocorp Manageengine Adselfservice PlusZohocorp Manageengine Analytics PlusZohocorp Manageengine Analytics Plus 5.1Zohocorp Manageengine Assetexplorer 6.9Zohocorp Manageengine AssetexplorerZohocorp Manageengine Key Manager PlusZohocorp Manageengine Key Manager Plus 6.4Zohocorp Manageengine Pam360 5.7Zohocorp Manageengine Pam360Zohocorp Manageengine Password Manager ProZohocorp Manageengine Password Manager Pro 12.1Zohocorp Manageengine Servicedesk PlusZohocorp Manageengine Servicedesk Plus 14.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook