Manageengine password manager pro
This hub aggregates every CVE we track for Manageengine password manager pro, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
23
CVEs tracked
8
Critical
7
High
2
In CISA KEV
Severity distribution
MEDIUM8CRITICAL8HIGH7
Monthly trend
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Manageengine password manager pro.
- CVE-2026-5785SQL Injection8.1
- CVE-2025-11669Broken Access Control8.1
- CVE-2024-5546SQL Injection8.3
- CVE-2023-6105ManageEngine Information Disclosure in Multiple Products5.5
- CVE-2020-27449Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via cra...6.1
- CVE-2023-2291Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow ...7.8
- CVE-2022-47966Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because ...KEV9.8
- CVE-2022-47523Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection.9.8
- CVE-2022-43671Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection.9.8
- CVE-2022-43672Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671.9.8
- CVE-2022-40300Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.9.8
- CVE-2022-35405Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 w...KEV9.8
- CVE-2022-29081Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLActi...9.8
- CVE-2021-33617Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=GetUserDomainName&userName= username enumeration, because the response (to a failed login request)...5.3
- CVE-2021-31857In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.5.9
Product normalization is registry-driven with AI assist and human review. How it works