Product:

Manageengine_pam360

(Zohocorp)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 13
Date Id Summary Products Score Patch Annotated
2022-11-12 CVE-2022-43671 Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro 9.8
2022-11-12 CVE-2022-43672 Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671. Manageengine_access_manager_plus, Manageengine_pam360, Manageengine_password_manager_pro 9.8
2023-01-18 CVE-2022-47966 Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081,... Manageengine_access_manager_plus, Manageengine_ad360, Manageengine_adaudit_plus, Manageengine_admanager_plus, Manageengine_adselfservice_plus, Manageengine_analytics_plus, Manageengine_application_control_plus, Manageengine_assetexplorer, Manageengine_browser_security_plus, Manageengine_device_control_plus, Manageengine_endpoint_dlp_plus, Manageengine_key_manager_plus, Manageengine_os_deployer, Manageengine_pam360, Manageengine_password_manager_pro, Manageengine_patch_manager_plus, Manageengine_remote_access_plus, Manageengine_remote_monitoring_and_management_central, Manageengine_servicedesk_plus, Manageengine_servicedesk_plus_msp, Manageengine_supportcenter_plus, Manageengine_vulnerability_manager_plus 9.8