Severity : High
CVE ID :CVE-2022-43672
Details :
An SQL Injection vulnerability was discovered in Password Manager Pro, PAM360 and Access Manager Plus due to improper validation. This has been fixed now.
Product Name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
Password Manager Pro | 12121 and below | 12122 | 21-10-2022 |
PAM360 | 5710 and below | 5711 | 22-10-2022 |
Access Manager Plus | 4305 and below | 4306 | 23-10-2022 |
An SQL Injection vulnerability was discovered in PAM360, Password Manager Pro and Access Manager Plus. To fix this, we have added proper validation and escaping special characters.
Given the severity of this vulnerability, customers are strongly advised to upgrade to the latest build of PAM360, Password Manager Pro and Access Manager Plus immediately.
Impact:
This vulnerability can allow an adversary to execute custom queries, and access the database table entries using the vulnerable request.
Please contact the product support for further details at the below mentioned email addresses:
PAM360: pam360-support@manageengine.com
Password Manager Pro: passwordmanagerpro-support@manageengine.com
Access Manager Plus: accessmanagerplus-support@manageengine.com