CVE-2022-47523
05.01.2023, 08:15
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
Vendor | Product | Version |
---|---|---|
zohocorp | manageengine_password_manager_pro | 𝑥 < 12.2 |
zohocorp | manageengine_password_manager_pro | 12.2:build12200 |
zohocorp | manageengine_pam360 | 𝑥 < 5.8 |
zohocorp | manageengine_pam360 | 5.8:build5800 |
zohocorp | manageengine_access_manager_plus | 𝑥 < 4.3 |
zohocorp | manageengine_access_manager_plus | 4.3:build4300 |
zohocorp | manageengine_access_manager_plus | 4.3:build4301 |
zohocorp | manageengine_access_manager_plus | 4.3:build4302 |
zohocorp | manageengine_access_manager_plus | 4.3:build4303 |
zohocorp | manageengine_access_manager_plus | 4.3:build4304 |
zohocorp | manageengine_access_manager_plus | 4.3:build4305 |
zohocorp | manageengine_access_manager_plus | 4.3:build4306 |
zohocorp | manageengine_access_manager_plus | 4.3:build4307 |
zohocorp | manageengine_access_manager_plus | 4.3:build4308 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.