https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html

http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html

The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4303. It is, therefore, affected by an authenticated remote code execution vulnerability.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.1 Build 12101. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of ManageEngine PAM360 prior to 5.5 Build 5510. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands on the remote host.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
166059	ManageEngine Access Manager Plus < 4.3 Build 4303 RCE	Nessus	CGI abuses	critical
166058	ManageEngine Password Manager Pro < 12.1 Build 12101 RCE	Nessus	CGI abuses	critical
166057	ManageEngine PAM360 < 5.5 Build 5510 RCE	Nessus	CGI abuses	critical

CVE-2022-35405

critical

Tenable Plugins

critical

critical

critical