// For flags

CVE-2022-29081

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.

Zoho ManageEngine Access Manager Plus versiones anteriores a 4302, Password Manager Pro versiones anteriores a 12007 y PAM360 versiones anteriores a 5401 son vulnerables a una omisiĆ³n del control de acceso en algunas URL de la API Rest (para SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. y Synchronize) por medio de la subcadena ../RestAPI

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-04-12 CVE Reserved
  • 2022-04-28 CVE Published
  • 2024-07-05 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.0
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.0"
build4000
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.1
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1"
build4100
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.1
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1"
build4101
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.2
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"
build4200
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.2
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"
build4201
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.2
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"
build4202
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.2
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2"
build4203
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.3
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3"
build4300
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Access Manager Plus
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus"
4.3
Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3"
build4301
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0"
build4001
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0"
build4002
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.1
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1"
build4100
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.1
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1"
build4101
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.5
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5"
build4500
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
4.5
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5"
build4501
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"
build5000
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"
build5001
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"
build5002
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"
build5003
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.0
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0"
build5004
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.1
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.1"
build5100
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.2
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.2"
build5200
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.3
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"
build5300
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.3
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"
build5301
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.3
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3"
build5302
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Pam360
Search vendor "Zohocorp" for product "Manageengine Pam360"
5.4
Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.4"
build5400
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10103
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1"
build10104
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.2
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.2"
build10200
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10300
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10301
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3"
build10302
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10400
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10401
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
10.4
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4"
build10402
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"
11104
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"
build_11101
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"
build_11102
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.1
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1"
build_11103
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.2
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2"
11200
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.2
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2"
11201
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3"
build11300
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
11.3
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3"
build11301
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12000
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12001
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12002
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12003
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12004
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12005
Affected
Zohocorp
Search vendor "Zohocorp"
Manageengine Password Manager Pro
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro"
12.0
Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0"
build12006
Affected