CVE-2022-35405
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
Zoho ManageEngine Password Manager Pro versiones anteriores a 12101 y PAM360 versiones anteriores a 5510, son vulnerables a una ejecución de código remota sin autenticación. (Esto también afecta a ManageEngine Access Manager Plus versiones anteriores a 4303 con autenticación).
Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-08 CVE Reserved
- 2022-07-19 CVE Published
- 2022-09-22 Exploited in Wild
- 2022-09-27 First Exploit
- 2022-10-13 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-11-07 EPSS Updated
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://xz.aliyun.com/t/11578 | ||
| https://archives2.manageengine.com/passwordmanagerpro/12101/ManageEngine_PasswordManager_Pro_12100_to_12101.ppm |
| URL | Date | SRC |
|---|---|---|
| https://github.com/viniciuspereiras/CVE-2022-35405 | 2022-09-27 | |
| http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html | 2022-06-24 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | < 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version " < 4.3" | - |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3" | build4300 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3" | build4301 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Access Manager Plus Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" | 4.3 Search vendor "Zohocorp" for product "Manageengine Access Manager Plus" and version "4.3" | build4302 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | < 5.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version " < 5.5" | - |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Pam360 Search vendor "Zohocorp" for product "Manageengine Pam360" | 5.5 Search vendor "Zohocorp" for product "Manageengine Pam360" and version "5.5" | build5500 |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | < 12.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version " < 12.1" | - |
Affected
| ||||||
| Zohocorp Search vendor "Zohocorp" | Manageengine Password Manager Pro Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" | 12.1 Search vendor "Zohocorp" for product "Manageengine Password Manager Pro" and version "12.1" | build12100 |
Affected
| ||||||