CVE-2022-29081

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 28-04-2022 10:15

Last modified: - 10-05-2022 02:29

Total changes: - 3

Description

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

9.8

Base score

3.9

5.9

Exploitability score

Impact score

Verification logic

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.4 AND update=build10400

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.4 AND update=build10402

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.4 AND update=build10401

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.3 AND update=build10301

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.3 AND update=build10302

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.3 AND update=build10300

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.2 AND update=build10200

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.1 AND update=build10103

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=10.1 AND update=build10104

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.1 AND update=build_11101

vendor=zohocorp AND product=manageengine_pam360 AND version=4.0 AND update=build4001

vendor=zohocorp AND product=manageengine_pam360 AND version=4.1 AND update=build4100

vendor=zohocorp AND product=manageengine_pam360 AND version=4.1 AND update=build4101

vendor=zohocorp AND product=manageengine_pam360 AND version=4.5 AND update=build4500

vendor=zohocorp AND product=manageengine_pam360 AND version=4.5 AND update=build4501

vendor=zohocorp AND product=manageengine_pam360 AND version=5.0 AND update=build5000

vendor=zohocorp AND product=manageengine_pam360 AND version=5.0 AND update=build5001

vendor=zohocorp AND product=manageengine_pam360 AND version=5.0 AND update=build5002

vendor=zohocorp AND product=manageengine_pam360 AND version=5.0 AND update=build5003

vendor=zohocorp AND product=manageengine_pam360 AND version=5.0 AND update=build5004

vendor=zohocorp AND product=manageengine_pam360 AND version=5.1 AND update=build5100

vendor=zohocorp AND product=manageengine_pam360 AND version=5.2 AND update=build5200

vendor=zohocorp AND product=manageengine_pam360 AND version=5.3 AND update=build5300

vendor=zohocorp AND product=manageengine_pam360 AND version=5.3 AND update=build5302

vendor=zohocorp AND product=manageengine_pam360 AND version=5.3 AND update=build5301

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.1 AND update=build_11102

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.1 AND update=build_11103

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.2 AND update=build4200

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.2 AND update=build4201

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.2 AND update=build4202

vendor=zohocorp AND product=manageengine_pam360 AND version=5.4 AND update=build5400

vendor=zohocorp AND product=manageengine_pam360 AND version=4.0 AND update=build4002

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12001

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12002

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12003

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12004

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12005

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12006

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=12.0 AND update=build12000

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.3 AND update=build11300

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.3 AND update=build11301

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.1 AND update=11104

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.2 AND update=11200

vendor=zohocorp AND product=manageengine_password_manager_pro AND version=11.2 AND update=11201

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.3 AND update=build4300

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.3 AND update=build4301

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.2 AND update=build4203

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.0 AND update=build4000

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.1 AND update=build4100

vendor=zohocorp AND product=manageengine_access_manager_plus AND version=4.1 AND update=build4101

Reference

Keywords

CVE-2022-29081

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-29081

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures