Zoho ManageEngine Access Manager Plus prior to 4302, Password Manager Pro prior to 12007, and PAM360 prior to 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zohocorp manageengine password manager pro 10.4 |
||
zohocorp manageengine password manager pro 10.3 |
||
zohocorp manageengine password manager pro 10.2 |
||
zohocorp manageengine password manager pro 10.1 |
||
zohocorp manageengine password manager pro 11.1 |
||
zohocorp manageengine access manager plus 4.2 |
||
zohocorp manageengine pam360 5.3 |
||
zohocorp manageengine pam360 5.2 |
||
zohocorp manageengine pam360 5.1 |
||
zohocorp manageengine pam360 5.0 |
||
zohocorp manageengine pam360 4.5 |
||
zohocorp manageengine pam360 4.1 |
||
zohocorp manageengine pam360 4.0 |
||
zohocorp manageengine access manager plus 4.1 |
||
zohocorp manageengine pam360 5.4 |
||
zohocorp manageengine password manager pro 12.0 |
||
zohocorp manageengine password manager pro 11.3 |
||
zohocorp manageengine password manager pro 11.2 |
||
zohocorp manageengine access manager plus 4.3 |
||
zohocorp manageengine access manager plus 4.0 |
Vulmon