Vulnerabilities > Zohocorp > Manageengine Password Manager PRO > High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-28	CVE-2024-5546	SQL Injection vulnerability in Zohocorp Manageengine Pam360 Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option. network low complexity zohocorp CWE-89	8.8
2023-04-26	CVE-2023-2291	Unspecified vulnerability in Zohocorp products Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. local low complexity zohocorp	7.8
2020-03-16	CVE-2020-9346	Cross-Site Request Forgery (CSRF) vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role. network low complexity zohocorp CWE-352	8.8
2019-06-18	CVE-2019-12133	Incorrect Permission Assignment for Critical Resource vulnerability in Zohocorp products Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. local low complexity zohocorp CWE-732	7.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.