CVE-2022-47523

Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
SQL Injection
Cross-site Scripting
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score percentile: 98%
| Vendor | Product | Version |
|---|---|---|
| zohocorp | manageengine_password_manager_pro | 𝑥 < 12.2 |
| zohocorp | manageengine_password_manager_pro | 12.2:build12200 |
| zohocorp | manageengine_pam360 | 𝑥 < 5.8 |
| zohocorp | manageengine_pam360 | 5.8:build5800 |
| zohocorp | manageengine_access_manager_plus | 𝑥 < 4.3 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4300 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4301 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4302 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4303 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4304 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4305 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4306 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4307 |
| zohocorp | manageengine_access_manager_plus | 4.3:build4308 |

𝑥 = Vulnerable software versions