PT-2022-6692 · Zoho · Zoho Manageengine Access Manager Plus+2
Published 2022-12-28 · Updated 2023-01-11 · CVE-2022-47523
| Metric | Value |
|---|---|
| CVSS v2.0 score | 10 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Zoho ManageEngine Access Manager Plus versions prior to 4309
Zoho ManageEngine Password Manager Pro versions prior to 12210
Zoho ManageEngine PAM360 versions prior to 5801
Description
The vulnerability is a SQL injection caused by insufficient protection of the SQL query structure: a remote attacker can execute arbitrary queries or gain unauthorized access to protected information. Successful exploitation gives an authenticated attacker access to the server-side database, allowing custom queries to read records from database tables.
Recommendations
For Zoho ManageEngine Access Manager Plus versions prior to 4309, update to version 4309 or later.
For Zoho ManageEngine Password Manager Pro versions prior to 12210, update to version 12210 or later.
For Zoho ManageEngine PAM360 versions prior to 5801, update to version 5801 or later.
As a precaution, create backups of your installations before updating to prevent data loss.
Fix
XSS
SQL injection
Affected Products
Zoho Manageengine Access Manager Plus
Zoho Manageengine Pam360
Manageengine Password Manager Pro