Zohocorp Manageengine Pam360 — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Pam360, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2021-44525 — CVSS 9.8 (critical): Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in…
CVE-2022-29081 — CVSS 9.8 (critical): Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to…
CVE-2022-40300 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304…
CVE-2022-43671 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
CVE-2022-43672 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a…
CVE-2022-47523 — CVSS 9.8 (critical): Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL…
CVE-2024-5546 — CVSS 8.3 (high): Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated…
CVE-2024-27312 — CVSS 8.1 (high): Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin…
CVE-2025-11669 — CVSS 8.1 (high): Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401…
CVE-2023-2291 — CVSS 7.8 (high): Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager…
CVE-2024-27313 — CVSS 6.3 (medium): Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610.
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…