CVE-2024-5546

high-risk

Published 2024-08-28

Zohocorp ManageEngine Password Manager Pro versions before 12431 and ManageEngine PAM360 versions before 7001 are affected by authenticated SQL Injection vulnerability via a global search option.

Do I need to act?

~

1.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.3/10 High

NETWORK / LOW complexity

Affected Products (20)

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Affected Vendors

Zohocorp

References (1)

Vendor Advisory https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546....

66

/ 100

high-risk

Severity 29/34 · Critical

Exploitability 4/34 · Minimal

Exposure 33/34 · Critical