CVE-2022-35405
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
19/07/2022
Last modified:
27/03/2025
Description
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:* | 4.3 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:* | 5.5 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_pam360:5.5:build5500:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:* | 12.1 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html
- https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html
- http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html
- https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html