Zohocorp Manageengine Password Manager Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Zohocorp Manageengine Password Manager Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2020-9347 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by…
CVE-2022-29081 — CVSS 9.8 (critical): Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to…
CVE-2022-47523 — CVSS 9.8 (critical): Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL…
CVE-2022-43672 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a…
CVE-2022-43671 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.
CVE-2022-40300 — CVSS 9.8 (critical): Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304…
CVE-2020-9346 — CVSS 8.8 (high): Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated…
CVE-2024-5546 — CVSS 8.3 (high): Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated…
CVE-2025-11669 — CVSS 8.1 (high): Zohocorp ManageEngine PAM360 versions before 8202; Password Manager Pro versions before 13221; Access Manager Plus versions prior to 4401…
CVE-2019-12133 — CVSS 7.8 (high): Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine…
CVE-2023-2291 — CVSS 7.8 (high): Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager…
CVE-2014-3997 — CVSS 7.5 (high): SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed…
CVE-2016-1159 — CVSS 6.5 (medium): In ZOHO Password Manager Pro (PMP) 8.3.0 (Build 8303) and 8.4.0 (Build 8400,8401,8402), underprivileged users can obtain sensitive…
CVE-2015-5459 — CVSS 6.5 (medium): SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build…
CVE-2014-8498 — CVSS 6.5 (medium): SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service…
CVE-2020-27449 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote…
CVE-2017-17698 — CVSS 6.1 (medium): Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
CVE-2021-31857 — CVSS 5.9 (medium): In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for…
CVE-2023-6105 — CVSS 5.5 (medium): An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A…
CVE-2021-33617 — CVSS 5.3 (medium): Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username…