Zoho Addresses SQL Injection Vulnerability in ManageEngine Products


Threat Level
Vulnerability Report

Summary

CVE-2022-47523 is an SQL injection vulnerability affecting multiple ManageEngine products: Zoho's Password Manager Pro Secure Vault, PAM360 Privileged Access Management Software, and Access Manager Plus Privileged Session Management Solution. If exploited, the vulnerability would allow attackers to gain unauthenticated access to the backend database and execute custom queries to access database table entries. Zoho has fixed the issue and is urging customers to upgrade to the latest builds of the affected products immediately.