Critical Vulnerability in Multiple ManageEngine Products

Published on 05 Jan 2023

Updated on 05 Jan 2023

Zoho has released security updates to address a critical vulnerability (CVE-2022-47523) in multiple ManageEngine products.

Successful exploitation of the Structured Query Language injection (SQLi) vulnerability could allow attackers to execute custom queries to access database table entries.

The vulnerability affects the following products:

  • Password Manager Pro (versions 12200 and below)
  • PAM360 (versions 5801 and below)
  • Access Manager Plus (versions 4308 and below)

Administrators and users of the affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html
https://www.bleepingcomputer.com/news/security/zoho-urges-admins-to-patch-critical-manageengine-bug-immediately/