{ "id": "CVE-2022-43672", "sourceIdentifier": "cve@mitre.org", "published": "2022-11-12T04:15:10.290", "lastModified": "2022-11-16T23:13:48.827", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-89" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3", "matchCriteriaId": "5FDF15FF-2561-4139-AC5E-4812584B1B03" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:*", "matchCriteriaId": "D5DEC045-6A7E-4041-88F8-5ABC4AB51C29" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:*", "matchCriteriaId": "52DDE5D9-28DE-446F-A402-7BE3C33A4B35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4302:*:*:*:*:*:*", "matchCriteriaId": "F6E1E4D8-B7F0-4BDB-B5A2-55436BEC85F1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4303:*:*:*:*:*:*", "matchCriteriaId": "59675CC4-8A5C-4668-908C-0886B4B310DC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4304:*:*:*:*:*:*", "matchCriteriaId": "45084336-F1DC-4E5B-A45E-506A779985D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4305:*:*:*:*:*:*", "matchCriteriaId": "1B2CC071-5BB3-4A25-88F2-DBC56B94D895" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.7", "matchCriteriaId": "1478BFC3-A0B2-415B-BA1C-AA09D9451C93" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5700:*:*:*:*:*:*", "matchCriteriaId": "1E270FB5-C447-4C93-9947-2CE50850A46B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_pam360:5.7:build5710:*:*:*:*:*:*", "matchCriteriaId": "496AFB26-1E11-4632-8C10-CD80F601FCFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:*:*:*:*:*:*:*:*", "versionEndExcluding": "12.1", "matchCriteriaId": "76C7DC97-8BF1-421F-9272-FD301D2D7A3F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12100:*:*:*:*:*:*", "matchCriteriaId": "9BE65B96-74ED-48F1-B86D-CB3387D989CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12101:*:*:*:*:*:*", "matchCriteriaId": "B4127640-1F60-4687-A24A-22B05A125290" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12110:*:*:*:*:*:*", "matchCriteriaId": "E42928FB-E0E7-4951-B9B1-CEF60560A945" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12120:*:*:*:*:*:*", "matchCriteriaId": "43C059E6-E1CA-4792-B383-93062CD82D66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.1:build12121:*:*:*:*:*:*", "matchCriteriaId": "8D21A9EB-51BC-4EEA-BAA4-8C2096A9DDD5" } ] } ] } ], "references": [ { "url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-43672.html", "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ] } ] }