Vulnerabilities > CVE-2022-35405 - Deserialization of Untrusted Data vulnerability in Zohocorp products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
zohocorp
CWE-502
critical

Summary

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Vulnerable Configurations

Part Description Count
Application
Zohocorp
314

Common Weakness Enumeration (CWE)