Zohocorp: >> Manageengine Pam360 >> 4.0 Security Vulnerabilities
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
CVSS Score
9.8
EPSS Score
0.146
Published
2022-04-28
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
CVSS Score
9.8
EPSS Score
0.008
Published
2021-12-20
Page 2