https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html

The remote host is running a version of ManageEngine PAM360 prior to 5.8 Build 5801. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of ManageEngine Access Manager Plus prior to 4.3 Build 4309. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

The remote host is running a version of ManageEngine Password Manager Pro prior to 12.2 Build 12210. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data.

Note that Nessus has not tested for the issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
169605	ManageEngine PAM360 < 5.8 Build 5801 SQLi	Nessus	CGI abuses	critical
169572	ManageEngine Access Manager Plus < 4.3 Build 4309 SQLi	Nessus	CGI abuses	critical
169571	ManageEngine Password Manager Pro < 12.2 Build 12210 SQLi	Nessus	CGI abuses	critical

CVE-2022-47523

critical

Tenable Plugins

critical

critical

critical