← Back

CVE-2022-43671

nvd nist
Published: Nov 12, 2022Modified: May 1, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.

Affected (16)

Zohocorp
3 products
Manageengine Access Manager Plus
Manageengine Pam360
Manageengine Password Manager Pro
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Access Manager Plus
Before 4.3
Manageengine Access Manager Plus
Version 4.3 build4300
Manageengine Access Manager Plus
Version 4.3 build4301
Manageengine Access Manager Plus
Version 4.3 build4302
Manageengine Access Manager Plus
Version 4.3 build4303
Manageengine Access Manager Plus
Version 4.3 build4304
Manageengine Access Manager Plus
Version 4.3 build4305
Zohocorp
Manageengine Pam360
Before 5.7
Manageengine Pam360
Version 5.7 build5700
Manageengine Pam360
Version 5.7 build5710
Zohocorp
Manageengine Password Manager Pro
Before 12.1
Manageengine Password Manager Pro
Version 12.1 build12100
Manageengine Password Manager Pro
Version 12.1 build12101
Manageengine Password Manager Pro
Version 12.1 build12110
Manageengine Password Manager Pro
Version 12.1 build12120
Manageengine Password Manager Pro
Version 12.1 build12121

Related CWEs

CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.