Zohocorp Manageengine_access_manager_plus
11 CVEs affecting Zohocorp Manageengine_access_manager_plus. Latest disclosed: 2026-01-13. Critical: 8, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
CVE-2022-47523 | Critical | 9.8 | 2023-01-05 | Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. |
CVE-2022-43672 | Critical | 9.8 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software compo… |
CVE-2022-43671 | Critical | 9.8 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. |
CVE-2022-40300 | Critical | 9.8 | 2022-09-16 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multi… |
CVE-2022-35405 | Critical | 9.8 | 2022-07-19 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEn… |
CVE-2022-29081 | Critical | 9.8 | 2022-04-28 | Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few R… |
CVE-2021-44676 | Critical | 9.8 | 2021-12-20 | Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the appl… |
CVE-2025-11669 | High | 8.1 | 2026-01-13 | Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an… |
CVE-2023-2291 | High | 7.8 | 2023-04-26 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine… |
CVE-2023-6105 | Medium | 5.5 | 2023-11-15 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user wit… |