SQL Injection Vulnerability - CVE-2022-47523

Severity: High

CVE ID: CVE-2022-47523

Details:
An SQL Injection vulnerability (CVE-2022-47523) was discovered in Password Manager Pro, PAM360 and Access Manager Plus. We have fixed this issue by adding proper validation and escaping special characters.

| Product Name | Affected Version(s) | Fixed Version(s) | Fixed On |
|---|---|---|---|
| Password Manager Pro | 12200 and below | 12210 | 30-12-2022 |
| PAM360 | 5800 and below | 5801 | 28-12-2022 |
| Access Manager Plus | 4308 and below | 4309 | 29-12-2022 |

Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of PAM360, Password Manager Pro and Access Manager Plus immediately.

Impact:
This vulnerability can allow an adversary to execute custom queries and access database table entries using the vulnerable request.

Steps to Upgrade:

  1. Download the latest upgrade pack from the following links for the respective product:
  2. Apply the latest build to your existing product installation as per the upgrade pack instructions provided in the above links.

For further details, please contact product support at the email addresses below:

PAM360: pam360-support@manageengine.com

Password Manager Pro: passwordmanagerpro-support@manageengine.com

Access Manager Plus: accessmanagerplus-support@manageengine.com