Zohocorp Password Manager Pro vulnerable to SQL Injection via Global Search Option
CVE-2024-5546

8.8HIGH

Key Information:

Vendor: Manageengine
Status: Password Manager Pro; Pam360
Vendor: CVE Published:; 28 August 2024

Summary

An authenticated SQL injection vulnerability has been identified in ManageEngine Password Manager Pro and PAM360, affecting versions prior to 12431 and 7001, respectively. This vulnerability allows attackers to exploit the global search functionality, potentially accessing and manipulating sensitive data hosted in the affected systems. Timely updates and patches are critical to mitigate the risks associated with this vulnerability.

Affected Version(s)

PAM360 0 < 7001

Password Manager Pro 0 < 12431

References

https://www.manageengine.com/products/passwordmanagerpro/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 28, 2024
Vulnerability Reserved
May 30, 2024