Vulnerability Details CVE-2022-29081
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few REST API URLs (for SSOutAction, SSLAction, LicenseMgr, GetProductDetails, GetDashboard, FetchEvents, and Synchronize) via the ../RestAPI substring.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.146
EPSS Ranking 94.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2022-29081
- cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.0
- cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1
- cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2
- cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3
- cpe:2.3:a:zohocorp:manageengine_pam360:4.0
- cpe:2.3:a:zohocorp:manageengine_pam360:4.1
- cpe:2.3:a:zohocorp:manageengine_pam360:4.5
- cpe:2.3:a:zohocorp:manageengine_pam360:5.0
- cpe:2.3:a:zohocorp:manageengine_pam360:5.1
- cpe:2.3:a:zohocorp:manageengine_pam360:5.2
- cpe:2.3:a:zohocorp:manageengine_pam360:5.3
- cpe:2.3:a:zohocorp:manageengine_pam360:5.4
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3
- cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0