CVE-2022-35405

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

  • Severity Score: 9.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: Yes (KEV)
  • Decision: - (SSVC)

Descriptions

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Zoho ManageEngine Password Manager Pro versions prior to 12101 and PAM360 versions prior to 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus versions prior to 4303 with authentication.)

Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-07-08 CVE Reserved
  • 2022-07-19 CVE Published
  • 2022-09-22 Exploited in Wild
  • 2022-09-27 First Exploit
  • 2022-10-13 KEV Due Date
  • 2024-08-03 CVE Updated
  • 2024-11-07 EPSS Updated
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Zohocorp | Manageengine Access Manager Plus | < 4.3 | - | Affected |
| Zohocorp | Manageengine Access Manager Plus | 4.3 | build4300 | Affected |
| Zohocorp | Manageengine Access Manager Plus | 4.3 | build4301 | Affected |
| Zohocorp | Manageengine Access Manager Plus | 4.3 | build4302 | Affected |
| Zohocorp | Manageengine Pam360 | < 5.5 | - | Affected |
| Zohocorp | Manageengine Pam360 | 5.5 | build5500 | Affected |
| Zohocorp | Manageengine Password Manager Pro | < 12.1 | - | Affected |
| Zohocorp | Manageengine Password Manager Pro | 12.1 | build12100 | Affected |