December 9, 2023

The U.S. CISA today added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities Catalog.

The CVE-2022-35405 flaw is a remote code execution vulnerability that impacts Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus.


Affected versions

  • Password Manager Pro versions 12100 and below
  • PAM360 versions 5500 and below
  • Access Manager Plus versions 4302 and below

Zoho addressed the issue by removing the vulnerable components and strongly recommends that customers upgrade their instances of Password Manager Pro, PAM360 and Access Manager Plus immediately, because a PoC exploit is available.

CISA orders federal agencies to fix these vulnerabilities by October 13, 2022.
