ManageEngine SQL Injection Vulnerability - 20230109002
Overview
An SQL injection vulnerability (CVE-2022-47523) was discovered in Password Manager Pro, PAM360 and Access Manager Plus. This vulnerability can allow an adversary to execute custom queries and access database table entries using the vulnerable request.
What is the vulnerability?
CVE-2022-47523 - Severity: High. CVSSv3 score awaiting analysis.
What is vulnerable?
Product Name | Affected Version(s) | Fixed Version(s) | Fixed On |
---|---|---|---|
Password Manager Pro | 12200 and below | 12210 | 30-12-2022 |
PAM360 | 5800 and below | 5801 | 28-12-2022 |
Access Manager Plus | 4308 and below | 4309 | 29-12-2022 |
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected platforms: https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html
Additional References
- NIST CVE-2022-47523 Details - https://nvd.nist.gov/vuln/detail/CVE-2022-47523