CVE-2022-29081
Published Apr 28, 2022
Last updated a year ago
Overview
- Description
- Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-22
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.0:build4000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44296707-E77D-492A-BDA5-A8B29498A6A4"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B75058A-D530-471C-B02D-F5DCD10BF608"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C75E408E-8CF4-4AB0-8832-3BF0CEA0620F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92B4C025-B3AF-4991-935A-773662F01EA6"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB6AB14A-CF17-44A2-A32F-4E1DBBAC8AAF"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2793FC1-CA8B-4AC5-B470-4454FB1F1A23"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4203:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA799225-17EF-49DE-A5B0-2EABB957CD4E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EE9114D-B6D8-430F-855C-CF1D3AB3157D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4002:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA3B9724-2C69-49CD-9916-F43B22CB194E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0384D4E-26C7-447B-84D3-9E38E7FC7F66"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CDCC599-19C7-4AA7-84BB-2120EDC9FCBA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4500:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1545BCA4-88C9-4D0D-82E5-DB3D9F21601F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4501:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A19736-57EC-454C-8838-E0A9752DD468"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22E8183E-8ACC-40C6-8EF3-253E4A2E63FA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4532F06-14BF-4EC5-9A7E-AD934FE69ABF"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5002:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D951BC8D-AF9A-4F2A-A801-3A5EDAB1A5E6"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5003:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3AE0A2E4-71A2-447F-9496-D1B9D1D748A5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5004:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BADE0425-A94E-4621-BF9D-F3A1219C4D57"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.1:build5100:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "331DB356-27EA-4DF8-8A29-C9C8E75E4EDA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.2:build5200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C655F9A-C769-413E-9211-E89BADE1A509"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11523C00-D2EE-4E2D-AFF9-546C77A29CE5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F72FB8EA-A643-4295-92F3-4F64C31820D5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A20B1E4-F212-4771-8774-DA8085B35829"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.4:build5400:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "131FFFF9-79B7-42C7-BECC-397C6AC1C418"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4DA1517-9C49-4E46-9BE4-7B6A9B9CA71D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D56A0C6E-8865-409D-A7F3-600A466CB7F4"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92DCA776-14CD-4258-8804-1C531966F8FB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38BB8CEB-43AE-43FC-80E9-1FD5D518C822"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5DBA962-E485-47FB-8C06-B74B28417E87"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E34CD968-6820-4D24-A792-F272E4A582BE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBE9858E-817C-4E40-B880-4B466272FD87"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B94A45F-595F-4F2A-83C9-501DDFDF1DC3"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA1DD26C-22D3-45F4-B877-605B56379A0B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:11104:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "550C1332-D1DC-4709-9F87-1A7F4EE08EEA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "564A39DB-D202-4223-97E9-E6378CE69013"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C7BA06B-AA80-4276-912F-FF6BFE252E23"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BCAD9CA-5C31-442D-9E50-D2B992907362"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6A23F6F-439A-449D-A309-9F7EBC1A897B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47DF2D41-4BD1-4FC7-A4DB-BC75E41460CD"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AC71CFB-5AF2-4C0F-8C92-01C883BE271F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1203498-41EA-43C9-9F6A-63BBD6955C83"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B722DB9-4258-4994-B498-0A4E1D3B3F8E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C9E0BBA-DCC1-47A6-A329-2E7D363F840C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12002:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8011EC7-EEAE-4F0E-AD76-EE2C9F8BF807"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12003:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5404C39E-BD07-40AF-9467-10F4D0CB5F14"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12004:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4D42670-966F-445D-A2E3-0E728B287FCB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12005:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C6F70E1-5B52-457C-A321-F11EC1075E6F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12006:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "122B23D8-973E-40E6-85B1-E5107DA0F088"
}
],
"operator": "OR"
}
]
}
]