Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for ManageEngine PAM360 by Zohocorp

    CVE-2026-5785 (GCVE-0-2026-5785)

    Vulnerability from nvd – Published: 2026-04-16 13:46 – Updated: 2026-04-17 03:55
    VLAI
    Title
    SQL Injection
    Summary
    Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T03:55:15.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine PAM360",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "8531",
                  "status": "affected",
                  "version": "0",
                  "versionType": "8531"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Password Manager Pro",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "13230",
                  "status": "affected",
                  "version": "8600",
                  "versionType": "13230"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8531",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "13230",
                      "versionStartIncluding": "8600",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003e\u003c/span\u003eZohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T13:46:28.313Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2026-5785",
        "datePublished": "2026-04-16T13:46:28.313Z",
        "dateReserved": "2026-04-08T10:55:40.854Z",
        "dateUpdated": "2026-04-17T03:55:15.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11669 (GCVE-0-2025-11669)

    Vulnerability from nvd – Published: 2026-01-13 14:10 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Broken Access Control
    Summary
    Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T04:57:27.565835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:46.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine PAM360",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "8202",
                  "status": "affected",
                  "version": "0",
                  "versionType": "8202"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Password Manager Pro",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "13221",
                  "status": "affected",
                  "version": "0",
                  "versionType": "13221"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Access Manager Plus",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "4401",
                  "status": "affected",
                  "version": "0",
                  "versionType": "4401"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8202",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13221",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4401",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp\u003c/span\u003e\u0026nbsp;ManageEngine PAM360 versions before 8202; Password Manager Pro\u0026nbsp;versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.\u003c/p\u003e"
                }
              ],
              "value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T14:10:55.954Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-11669",
        "datePublished": "2026-01-13T14:10:55.954Z",
        "dateReserved": "2025-10-13T04:36:27.412Z",
        "dateUpdated": "2026-02-26T15:04:46.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5785 (GCVE-0-2026-5785)

    Vulnerability from cvelistv5 – Published: 2026-04-16 13:46 – Updated: 2026-04-17 03:55
    VLAI
    Title
    SQL Injection
    Summary
    Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper neutralization of special elements used in an SQL command ('SQL injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5785",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T03:55:15.059Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine PAM360",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "8531",
                  "status": "affected",
                  "version": "0",
                  "versionType": "8531"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Password Manager Pro",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThanOrEqual": "13230",
                  "status": "affected",
                  "version": "8600",
                  "versionType": "13230"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8531",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "13230",
                      "versionStartIncluding": "8600",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan\u003e\u003c/span\u003eZohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.\u003cspan\u003e\u003c/span\u003e\u003c/p\u003e"
                }
              ],
              "value": "Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper neutralization of special elements used in an SQL command (\u0027SQL injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T13:46:28.313Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2026-5785.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2026-5785",
        "datePublished": "2026-04-16T13:46:28.313Z",
        "dateReserved": "2026-04-08T10:55:40.854Z",
        "dateUpdated": "2026-04-17T03:55:15.059Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-11669 (GCVE-0-2025-11669)

    Vulnerability from cvelistv5 – Published: 2026-01-13 14:10 – Updated: 2026-02-26 15:04
    VLAI
    Title
    Broken Access Control
    Summary
    Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-11669",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T04:57:27.565835Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:46.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine PAM360",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "8202",
                  "status": "affected",
                  "version": "0",
                  "versionType": "8202"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Password Manager Pro",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "13221",
                  "status": "affected",
                  "version": "0",
                  "versionType": "13221"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "ManageEngine Access Manager Plus",
              "vendor": "Zohocorp",
              "versions": [
                {
                  "lessThan": "4401",
                  "status": "affected",
                  "version": "0",
                  "versionType": "4401"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8202",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "13221",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4401",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eZohocorp\u003c/span\u003e\u0026nbsp;ManageEngine PAM360 versions before 8202; Password Manager Pro\u0026nbsp;versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality.\u003c/p\u003e"
                }
              ],
              "value": "Zohocorp\u00a0ManageEngine PAM360 versions before 8202; Password Manager Pro\u00a0versions before 13221; Access Manager Plus versions prior to 4401 are vulnerable to an authorization issue in the initiate remote session functionality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-13T14:10:55.954Z",
            "orgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
            "shortName": "Zohocorp"
          },
          "references": [
            {
              "url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2025-11669.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Broken Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0fc0942c-577d-436f-ae8e-945763c79b02",
        "assignerShortName": "Zohocorp",
        "cveId": "CVE-2025-11669",
        "datePublished": "2026-01-13T14:10:55.954Z",
        "dateReserved": "2025-10-13T04:36:27.412Z",
        "dateUpdated": "2026-02-26T15:04:46.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }