Search criteria
4 vulnerabilities found for ManageEngine PAM360 by Zohocorp
CVE-2026-5785 (GCVE-0-2026-5785)
Vulnerability from nvd – Published: 2026-04-16 13:46 – Updated: 2026-04-17 03:55
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zohocorp | ManageEngine PAM360 |
Affected:
0 , < 8531
(8531)
|
|
| Zohocorp | ManageEngine Password Manager Pro |
Affected:
8600 , ≤ 13230
(13230)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T03:55:15.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine PAM360",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "8531",
"status": "affected",
"version": "0",
"versionType": "8531"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Password Manager Pro",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "13230",
"status": "affected",
"version": "8600",
"versionType": "13230"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8531",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13230",
"versionStartIncluding": "8600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003e\u003c/span\u003eZohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:46:28.313Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2026-5785",
"datePublished": "2026-04-16T13:46:28.313Z",
"dateReserved": "2026-04-08T10:55:40.854Z",
"dateUpdated": "2026-04-17T03:55:15.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11669 (GCVE-0-2025-11669)
Vulnerability from nvd – Published: 2026-01-13 14:10 – Updated: 2026-02-26 15:04
VLAI?
Title
Broken Access Control
Summary
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Severity ?
8.1 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zohocorp | ManageEngine PAM360 |
Affected:
0 , < 8202
(8202)
|
|
| Zohocorp | ManageEngine Password Manager Pro |
Affected:
0 , < 13221
(13221)
|
|
| Zohocorp | ManageEngine Access Manager Plus |
Affected:
0 , < 4401
(4401)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:27.565835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:46.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine PAM360",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "8202",
"status": "affected",
"version": "0",
"versionType": "8202"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Password Manager Pro",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "13221",
"status": "affected",
"version": "0",
"versionType": "13221"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Access Manager Plus",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "4401",
"status": "affected",
"version": "0",
"versionType": "4401"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8202",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13221",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4401",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp\u003c/span\u003e\u0026nbsp;ManageEngine PAM360 versions before 8202; Password Manager Pro\u0026nbsp;versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.\u003c/p\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T14:10:55.954Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-11669",
"datePublished": "2026-01-13T14:10:55.954Z",
"dateReserved": "2025-10-13T04:36:27.412Z",
"dateUpdated": "2026-02-26T15:04:46.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5785 (GCVE-0-2026-5785)
Vulnerability from cvelistv5 – Published: 2026-04-16 13:46 – Updated: 2026-04-17 03:55
VLAI?
Title
SQL Injection
Summary
Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
Severity ?
8.1 (High)
CWE
- CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zohocorp | ManageEngine PAM360 |
Affected:
0 , < 8531
(8531)
|
|
| Zohocorp | ManageEngine Password Manager Pro |
Affected:
8600 , ≤ 13230
(13230)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-16T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T03:55:15.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine PAM360",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "8531",
"status": "affected",
"version": "0",
"versionType": "8531"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Password Manager Pro",
"vendor": "Zohocorp",
"versions": [
{
"lessThanOrEqual": "13230",
"status": "affected",
"version": "8600",
"versionType": "13230"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8531",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13230",
"versionStartIncluding": "8600",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003e\u003c/span\u003eZohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T13:46:28.313Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2026-5785",
"datePublished": "2026-04-16T13:46:28.313Z",
"dateReserved": "2026-04-08T10:55:40.854Z",
"dateUpdated": "2026-04-17T03:55:15.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11669 (GCVE-0-2025-11669)
Vulnerability from cvelistv5 – Published: 2026-01-13 14:10 – Updated: 2026-02-26 15:04
VLAI?
Title
Broken Access Control
Summary
Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
Severity ?
8.1 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Zohocorp | ManageEngine PAM360 |
Affected:
0 , < 8202
(8202)
|
|
| Zohocorp | ManageEngine Password Manager Pro |
Affected:
0 , < 13221
(13221)
|
|
| Zohocorp | ManageEngine Access Manager Plus |
Affected:
0 , < 4401
(4401)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:27.565835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:46.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ManageEngine PAM360",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "8202",
"status": "affected",
"version": "0",
"versionType": "8202"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Password Manager Pro",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "13221",
"status": "affected",
"version": "0",
"versionType": "13221"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ManageEngine Access Manager Plus",
"vendor": "Zohocorp",
"versions": [
{
"lessThan": "4401",
"status": "affected",
"version": "0",
"versionType": "4401"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8202",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13221",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4401",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp\u003c/span\u003e\u0026nbsp;ManageEngine PAM360 versions before 8202; Password Manager Pro\u0026nbsp;versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.\u003c/p\u003e"
}
],
"value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T14:10:55.954Z",
"orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"shortName": "Zohocorp"
},
"references": [
{
"url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
"assignerShortName": "Zohocorp",
"cveId": "CVE-2025-11669",
"datePublished": "2026-01-13T14:10:55.954Z",
"dateReserved": "2025-10-13T04:36:27.412Z",
"dateUpdated": "2026-02-26T15:04:46.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}