Vulnerabilities > Zohocorp > Manageengine Password Manager PRO
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-28 | CVE-2022-29081 | Path Traversal vulnerability in Zohocorp products Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. | 9.8 |
| 2021-07-31 | CVE-2021-33617 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request) is null only when the username is invalid. | 5.3 |
| 2021-06-16 | CVE-2021-31857 | Unspecified vulnerability in Zohocorp Manageengine Password Manager PRO In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types. | 5.9 |
| 2020-03-16 | CVE-2020-9347 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. | 9.8 |
| 2020-03-16 | CVE-2020-9346 | Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. | 8.8 |
| 2020-03-09 | CVE-2016-1159 | Information Exposure vulnerability in Zohocorp Manageengine Password Manager PRO 8.3/8.4 In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive information (entry password history) via a vulnerable hidden service. | 6.5 |
| 2019-06-18 | CVE-2019-12133 | Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. | 7.8 |
| 2017-12-15 | CVE-2017-17698 | Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec. | 6.1 |