HTTP: Zoho ManageEngine Password Manager Pro SQL Injection
This signature detects attempts to exploit a known vulnerability against Zoho ManageEngine Password Manager Pro. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.
Affected Products
Zohocorp manageengine_password_manager_pro
References
CVE: CVE-2022-43672
Short Name
HTTP:SQL:INJ:ZOHO-PSWDMGR-PRO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-40300 CVE-2022-43671 CVE-2022-43672 Injection ManageEngine Manager Password Pro SQL Zoho
Release Date
10/07/2022
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Unknown
Vendors
Zohocorp