CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.

Link	Resource
https://www.tenable.com/security/research/tra-2022-14	Exploit Third Party Advisory
https://www.manageengine.com/privileged-session-management/advisory/cve-2022-29081.html	Vendor Advisory

Configuration 1

cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10400:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10402:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.4:build10401:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10301:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10302:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.3:build10300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.2:build10200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10103:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:10.1:build10104:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11102:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:build_11103:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4202:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4201:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5302:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5301:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.3:build5300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.2:build5200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.1:build5100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5004:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5001:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.0:build5000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4500:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.5:build4501:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.1:build4101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4001:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:4.0:build4002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_pam360:5.4:build5400:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12001:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12002:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12003:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12004:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12005:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12006:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:12.0:build12000:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.3:build11301:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.1:11104:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_password_manager_pro:11.2:11201:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4300:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.3:build4301:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4203:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.0:build4000:*:*:*:*:*:*

---

Published : 2022-04-28 08:15

Updated : 2022-05-10 12:29

---

NVD link : CVE-2022-29081

Mitre link : CVE-2022-29081

Manageengine Access Manager Plus

Zohocorp

CWE-863