Vulnerabilities > CVE-2022-35405 - Deserialization of Untrusted Data vulnerability in Zohocorp products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

zohocorp

CWE-502

critical

NVD

Published: 2022-07-19

Updated: 2023-08-08

Summary

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Access Manager Plus 4.3 Zohocorp Manageengine Access Manager Plus 4.0 Zohocorp Manageengine Access Manager Plus 4.1 Zohocorp Manageengine Access Manager Plus 4.2 Zohocorp Manageengine Password Manager PRO 4.6 Zohocorp Manageengine Password Manager PRO 4.7 Zohocorp Manageengine Password Manager PRO 4.8 Zohocorp Manageengine Password Manager PRO 5.0 Zohocorp Manageengine Password Manager PRO 5.1 Zohocorp Manageengine Password Manager PRO 5.2 Zohocorp Manageengine Password Manager PRO 5.3 Zohocorp Manageengine Password Manager PRO 5.4 Zohocorp Manageengine Password Manager PRO 6.0 Zohocorp Manageengine Password Manager PRO 6.1 Zohocorp Manageengine Password Manager PRO 6.2 Zohocorp Manageengine Password Manager PRO 6.3 Zohocorp Manageengine Password Manager PRO 6.4 Zohocorp Manageengine Password Manager PRO 6.5 Zohocorp Manageengine Password Manager PRO 6.6 Zohocorp Manageengine Password Manager PRO 6.7 Zohocorp Manageengine Password Manager PRO 6.8 Zohocorp Manageengine Password Manager PRO 6.9 Zohocorp Manageengine Password Manager PRO 7.0 Zohocorp Manageengine Password Manager PRO 7.1 Zohocorp Manageengine Password Manager PRO 7.5 Zohocorp Manageengine Password Manager PRO 7.6 Zohocorp Manageengine Password Manager PRO 8.0 Zohocorp Manageengine Password Manager PRO 8.1 Zohocorp Manageengine Password Manager PRO 8.2 Zohocorp Manageengine Password Manager PRO 8.3 Zohocorp Manageengine Password Manager PRO 8.4 Zohocorp Manageengine Password Manager PRO 8.5 Zohocorp Manageengine Password Manager PRO 8.6 Zohocorp Manageengine Password Manager PRO 8.7 Zohocorp Manageengine Password Manager PRO 9.0 Zohocorp Manageengine Password Manager PRO 9.1 Zohocorp Manageengine Password Manager PRO 9.2 Zohocorp Manageengine Password Manager PRO 9.3 Zohocorp Manageengine Password Manager PRO 9.4 Zohocorp Manageengine Password Manager PRO 9.5 Zohocorp Manageengine Password Manager PRO 9.6 Zohocorp Manageengine Password Manager PRO 9.7 Zohocorp Manageengine Password Manager PRO 9.8 Zohocorp Manageengine Password Manager PRO 9.9 Zohocorp Manageengine Password Manager PRO 10.0 Zohocorp Manageengine Password Manager PRO 10.1 Zohocorp Manageengine Password Manager PRO 10.2 Zohocorp Manageengine Password Manager PRO 10.3 Zohocorp Manageengine Password Manager PRO 10.4 Zohocorp Manageengine Password Manager PRO 11.1 Zohocorp Manageengine Password Manager PRO 11.2 Zohocorp Manageengine Password Manager PRO 11.3 Zohocorp Manageengine Password Manager PRO 12.0 Zohocorp Manageengine Password Manager PRO 12.1 Zohocorp Manageengine Pam360 4.0 Zohocorp Manageengine Pam360 4.1 Zohocorp Manageengine Pam360 4.5 Zohocorp Manageengine Pam360 5.0 Zohocorp Manageengine Pam360 5.1 Zohocorp Manageengine Pam360 5.2 Zohocorp Manageengine Pam360 5.3 Zohocorp Manageengine Pam360 5.4 Zohocorp Manageengine Pam360 5.5	314

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Vulnerabilities > CVE-2022-35405 - Deserialization of Untrusted Data vulnerability in Zohocorp products

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References