CVE-2022-47523
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
05/01/2023
Last modified:
09/04/2025
Description
Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:* | 12.2 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.2:build12200:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:* | 5.8 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_pam360:5.8:build5800:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:* | 4.3 (excluding) | |
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4306:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4307:*:*:*:*:*:* | ||
| cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4308:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page