CVE-2022-29081
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
Zoho ManageEngine Access Manager Plus versiones anteriores a 4302, Password Manager Pro versiones anteriores a 12007 y PAM360 versiones anteriores a 5401 son vulnerables a una omisiĆ³n del control de acceso en algunas URL de la API Rest (para SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. y Synchronize) por medio de la subcadena ../RestAPI
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-04-12 CVE Reserved
- 2022-04-28 CVE Published
- 2024-07-05 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.tenable.com/security/research/tra-2022-14 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.manageengine.com/privileged-session-management/advisory/cve-2022-29081.html | 2023-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.0 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.0" | build4000 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.1 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1" | build4100 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.1 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.1" | build4101 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2" | build4200 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2" | build4201 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2" | build4202 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.2 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.2" | build4203 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3" | build4300 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3" | build4301 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0" | build4001 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.0" | build4002 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1" | build4100 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.1" | build4101 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5" | build4500 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 4.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "4.5" | build4501 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0" | build5000 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0" | build5001 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0" | build5002 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0" | build5003 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.0 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.0" | build5004 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.1 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.1" | build5100 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.2 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.2" | build5200 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3" | build5300 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3" | build5301 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.3 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.3" | build5302 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.4 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.4" | build5400 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10103 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.1" | build10104 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.2" | build10200 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10300 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10301 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.3" | build10302 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10400 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10401 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 10.4 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "10.4" | build10402 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1" | 11104 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1" | build_11101 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1" | build_11102 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.1" | build_11103 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2" | 11200 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.2 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.2" | 11201 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3" | build11300 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 11.3 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "11.3" | build11301 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12000 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12001 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12002 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12003 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12004 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12005 |
Affected
| ||||||
Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.0 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.0" | build12006 |
Affected
|