Zohocorp Manageengine_pam360
14 CVEs affecting Zohocorp Manageengine_pam360. Latest disclosed: 2026-01-13. Critical: 8, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-47966 | Critical | 9.8 | 2023-01-18 | Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka… |
CVE-2022-47523 | Critical | 9.8 | 2023-01-05 | Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. |
CVE-2022-43672 | Critical | 9.8 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software compo… |
CVE-2022-43671 | Critical | 9.8 | 2022-11-12 | Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. |
CVE-2022-40300 | Critical | 9.8 | 2022-09-16 | Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multi… |
CVE-2022-35405 | Critical | 9.8 | 2022-07-19 | Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEn… |
CVE-2022-29081 | Critical | 9.8 | 2022-04-28 | Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few R… |
CVE-2021-44525 | Critical | 9.8 | 2021-12-20 | Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is… |
CVE-2024-5546 | High | 8.3 | 2024-08-28 | Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulne… |
CVE-2025-11669 | High | 8.1 | 2026-01-13 | Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an… |
CVE-2024-27312 | High | 8.1 | 2024-05-20 | Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This… |
CVE-2023-2291 | High | 7.8 | 2023-04-26 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine… |
CVE-2024-27313 | Medium | 6.3 | 2024-05-29 | Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. |
CVE-2023-6105 | Medium | 5.5 | 2023-11-15 | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user wit… |