CVE-2022-29081

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.

Zoho ManageEngine Access Manager Plus versiones anteriores a 4302, Password Manager Pro versiones anteriores a 12007 y PAM360 versiones anteriores a 5401 son vulnerables a una omisión del control de acceso en algunas URL de la API Rest (para SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. y Synchronize) por medio de la subcadena ../RestAPI

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-04-12 CVE Reserved
2022-04-28 CVE Published
2024-07-05 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.tenable.com/security/research/tra-2022-14	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.manageengine.com/privileged-session-management/advisory/cve-2022-29081.html	2023-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.0 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.0"		build4000		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.1 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1"		build4100		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.1 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1"		build4101		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"		build4200		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"		build4201		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"		build4202		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"		build4203		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3"		build4300		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"				4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3"		build4301		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0"		build4001		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0"		build4002		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1"		build4100		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1"		build4101		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5"		build4500		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				4.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5"		build4501		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"		build5000		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"		build5001		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"		build5002		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"		build5003		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"		build5004		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.1"		build5100		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.2 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.2"		build5200		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"		build5300		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"		build5301		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"		build5302		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360"				5.4 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.4"		build5400		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"		build10103		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"		build10104		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.2"		build10200		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"		build10300		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"		build10301		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"		build10302		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"		build10400		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"		build10401		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"		build10402		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"		11104		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"		build_11101		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"		build_11102		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"		build_11103		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2"		11200		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2"		11201		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3"		build11300		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				11.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3"		build11301		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12000		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12001		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12002		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12003		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12004		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12005		Affected
Zohocorp Search vendor "Zohocorp"		Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"				12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"		build12006		Affected