GCVE - cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.3:*:*:*:managed_service

Approved changes feed: RSS · Atom

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:6.3:*:*:*:managed_service_providers:*:*:*

part: a version: 6.3 update: *

Vendor	Zohocorp (`4f1ab088-ab0e-54ac-b0dc-2304879a7502`)
Product	Manageengine Password Manager Pro (`3bc1e2cc-f2eb-500e-95b3-eb5f44d90392`)
Edition	*
Language	*
Software edition	managed_service_providers
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-40300`	vulnerable	2026-06-03 14:48:01.116498	db.gcve.eu returned HTTP 503. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3997`	vulnerable	2026-06-03 14:34:02.392880	Details available SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. Published: 2014-12-05T15:00:00.000Z Updated: 2024-08-06T11:04:27.709Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2014/Aug/55 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc_pmp_it360_sqli.txt https://raw.githubusercontent.com/pedrib/PoC/master/msf_modules/manageengine_dc_pmp_sqli.rb http://seclists.org/fulldisclosure/2014/Aug/85	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.