← Back

CVE-2022-35405

nvd nistnuclei
Published: Jul 19, 2022Modified: Oct 31, 2025CISA KEV

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Affected (8)

Zohocorp
3 products
Manageengine Access Manager Plus
Manageengine Pam360
Manageengine Password Manager Pro
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Access Manager Plus
Before 4.3
Manageengine Access Manager Plus
Version 4.3 build4300
Manageengine Access Manager Plus
Version 4.3 build4301
Manageengine Access Manager Plus
Version 4.3 build4302
Zohocorp
Manageengine Pam360
Before 5.5
Manageengine Pam360
Version 5.5 build5500
Zohocorp
Manageengine Password Manager Pro
Before 12.1
Manageengine Password Manager Pro
Version 12.1 build12100

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (5)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.