Zoho Addresses SQL Injection Vulnerability in ManageEngine Products

Threat Level – Amber | Vulnerability Report
Download PDF

A security flaw affecting multiple ManageEngine products identified as CVE-2022-47523 is an SQL injection vulnerability found in the ZOHO’s Password Manager Pro Secure Vault, PAM360 Privileged Access Management Software, and Access Manager Plus Privileged Session Management Solution. If exploited, the vulnerability would allow attackers to gain unauthenticated access to the backend database and execute custom queries to access database table entries. Zoho has fixed the issue and is urging customers to upgrade to the latest builds of the affected products immediately.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox