Zoho Corporation ManageEngine Access Manager Plus 4.3 Build4309

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4309:*:*:*:*:*:*

part: a version: 4.3 update: build4309

VendorZohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502)
ProductManageengine Access Manager Plus (2b887d5b-684e-52dd-86e8-966a12e2fc08)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-6105 vulnerable 2026-06-03 14:53:50.796242 ManageEngine Information Disclosure in Multiple Products
MEDIUM (5.5)
An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database.
Published: 2023-11-15T20:57:47.981Z
Updated: 2025-02-13T17:26:03.759Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2291 vulnerable 2026-06-03 14:51:42.763428 Details available
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.
Published: 2023-04-26T00:00:00.000Z
Updated: 2025-02-03T17:31:55.129Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.