ZohoCorp ManageEngine Password Manager Pro 10.4 Build10401
Approved changes feed: RSS · Atom
cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:*
part: a version: 10.4 update: build10401
| Vendor | Zohocorp (4f1ab088-ab0e-54ac-b0dc-2304879a7502) |
|---|---|
| Product | Manageengine Password Manager Pro (3bc1e2cc-f2eb-500e-95b3-eb5f44d90392) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-40300 |
vulnerable | 2026-06-03 14:48:01.228804 |
Details available
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
Published: 2022-09-16T22:47:55.000Z
Updated: 2024-08-03T12:14:39.986Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29081 |
vulnerable | 2026-06-03 14:46:56.607374 |
Details available
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
Published: 2022-04-28T19:16:57.000Z
Updated: 2024-08-03T06:10:59.435Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9347 |
vulnerable | 2026-06-03 14:43:13.379680 |
Details available
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they expect CSV risk mitigation to be provided by an external application, and do not plan to add CSV constraints to their own products
Published: 2020-03-16T21:44:31.000Z
Updated: 2024-08-04T10:26:16.058Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-9346 |
vulnerable | 2026-06-03 14:43:13.372559 |
Details available
Zoho ManageEngine Password Manager Pro 10.4 and prior has no protection against Cross-site Request Forgery (CSRF) attacks, as demonstrated by changing a user's role.
Published: 2020-03-16T21:42:06.000Z
Updated: 2024-08-04T10:26:16.069Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.