CVE-2022-43672

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zohocorp:manageengine_access_manager_plus::::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304::::::
	cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305::::::
	cpe:2.3:a:zohocorp:manageengine_pam360::::::::
	cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700::::::
	cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro::::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120::::::
	cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121::::::

History

16 Nov 2022, 23:13

Type	Values Removed	Values Added
First Time		Zohocorp manageengine Password Manager Pro Zohocorp Zohocorp manageengine Access Manager Plus Zohocorp manageengine Pam360
References	~~(MISC) https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html -~~	(MISC) https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
CWE		CWE-89
CPE		cpe:2.3:a:zohocorp:manageengine_password_manager_pro:::::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:::::: cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:::::: cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:::::::: cpe:2.3:a:zohocorp:manageengine_pam360:::::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:::::: cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:::::: cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304::::::

12 Nov 2022, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-12 04:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-43672

Mitre link : CVE-2022-43672

CVE.ORG link : CVE-2022-43672

JSON object : View

Products Affected

zohocorp

manageengine_pam360
manageengine_password_manager_pro
manageengine_access_manager_plus

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

9.8 /10