PT-2024-6547 · Zohocorp · Manageengine Pam360+1

Published 2024-06-14 · Updated 2024-09-19 · CVE-2024-5546

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine Password Manager Pro versions before 12431; Zohocorp ManageEngine PAM360 versions before 7001
Description: The issue exists due to the failure to neutralize special elements used in an operating system command, allowing a remote attacker to execute arbitrary code by injecting specially crafted SQL code. The vulnerability can be exploited via a global search option, potentially allowing unauthenticated remote exploitation.
Recommendations: For Zohocorp ManageEngine Password Manager Pro versions before 12431, update to version 12431 or later to secure your system. For Zohocorp ManageEngine PAM360 versions before 7001, update to version 7001 or later to mitigate the risks. As a temporary workaround, consider restricting access to the global search option until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-07691
CVE-2024-5546

Affected Products

Manageengine Pam360
Manageengine Password Manager Pro