CVE-2022-29081

Published Apr 28, 2022
Last updated a month ago
CVSS critical 9.8
Overview

Description: Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-22
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.0:build4000:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44296707-E77D-492A-BDA5-A8B29498A6A4"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B75058A-D530-471C-B02D-F5DCD10BF608"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C75E408E-8CF4-4AB0-8832-3BF0CEA0620F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4200:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92B4C025-B3AF-4991-935A-773662F01EA6"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4201:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB6AB14A-CF17-44A2-A32F-4E1DBBAC8AAF"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4202:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2793FC1-CA8B-4AC5-B470-4454FB1F1A23"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4203:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA799225-17EF-49DE-A5B0-2EABB957CD4E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EE9114D-B6D8-430F-855C-CF1D3AB3157D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA3B9724-2C69-49CD-9916-F43B22CB194E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0384D4E-26C7-447B-84D3-9E38E7FC7F66"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDCC599-19C7-4AA7-84BB-2120EDC9FCBA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4500:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1545BCA4-88C9-4D0D-82E5-DB3D9F21601F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4501:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02A19736-57EC-454C-8838-E0A9752DD468"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5000:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22E8183E-8ACC-40C6-8EF3-253E4A2E63FA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4532F06-14BF-4EC5-9A7E-AD934FE69ABF"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D951BC8D-AF9A-4F2A-A801-3A5EDAB1A5E6"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5003:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AE0A2E4-71A2-447F-9496-D1B9D1D748A5"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5004:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BADE0425-A94E-4621-BF9D-F3A1219C4D57"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.1:build5100:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "331DB356-27EA-4DF8-8A29-C9C8E75E4EDA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.2:build5200:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C655F9A-C769-413E-9211-E89BADE1A509"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5300:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11523C00-D2EE-4E2D-AFF9-546C77A29CE5"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5301:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F72FB8EA-A643-4295-92F3-4F64C31820D5"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5302:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A20B1E4-F212-4771-8774-DA8085B35829"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.4:build5400:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "131FFFF9-79B7-42C7-BECC-397C6AC1C418"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4DA1517-9C49-4E46-9BE4-7B6A9B9CA71D"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D56A0C6E-8865-409D-A7F3-600A466CB7F4"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92DCA776-14CD-4258-8804-1C531966F8FB"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38BB8CEB-43AE-43FC-80E9-1FD5D518C822"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5DBA962-E485-47FB-8C06-B74B28417E87"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E34CD968-6820-4D24-A792-F272E4A582BE"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBE9858E-817C-4E40-B880-4B466272FD87"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B94A45F-595F-4F2A-83C9-501DDFDF1DC3"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA1DD26C-22D3-45F4-B877-605B56379A0B"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:11104:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "550C1332-D1DC-4709-9F87-1A7F4EE08EEA"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "564A39DB-D202-4223-97E9-E6378CE69013"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C7BA06B-AA80-4276-912F-FF6BFE252E23"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11103:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BCAD9CA-5C31-442D-9E50-D2B992907362"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:build11200:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB91B4D-EA5E-4FE3-8A2A-2A4DCB2340B9"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:build11201:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CA1C194-0258-42EB-BD9F-87D5CA602008"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11300:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AC71CFB-5AF2-4C0F-8C92-01C883BE271F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11301:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1203498-41EA-43C9-9F6A-63BBD6955C83"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12000:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B722DB9-4258-4994-B498-0A4E1D3B3F8E"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C9E0BBA-DCC1-47A6-A329-2E7D363F840C"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8011EC7-EEAE-4F0E-AD76-EE2C9F8BF807"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12003:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5404C39E-BD07-40AF-9467-10F4D0CB5F14"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12004:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4D42670-966F-445D-A2E3-0E728B287FCB"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12005:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C6F70E1-5B52-457C-A321-F11EC1075E6F"
          },
          {
            "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12006:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "122B23D8-973E-40E6-85B1-E5107DA0F088"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
