Vulnerabilities > CVE-2023-2291 - Unspecified vulnerability in Zohocorp products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

zohocorp

NVD

Published: 2023-04-26

Updated: 2023-05-05

Summary

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

Vulnerable Configurations

Part	Description	Count
Application	Zohocorp Zohocorp Manageengine Pam360 * Zohocorp Manageengine Access Manager Plus 4.3 Zohocorp Manageengine Password Manager PRO *	3

References

https://tenable.com/security/research/tra-2023-16