
CVE-2022-43672: n/a in n/a

Critical
Published: Sat Nov 12 2022 (11/12/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671).

AI-Powered Analysis

AI analysis last updated: 07/02/2025, 02:41:04 UTC

Technical Analysis

CVE-2022-43672 is a critical SQL Injection vulnerability affecting multiple Zoho ManageEngine products, specifically Password Manager Pro builds before 12122, PAM360 builds before 5711, and Access Manager Plus builds before 4306. SQL Injection (CWE-89) occurs when untrusted input is concatenated into the text of a SQL statement instead of being bound as a parameter, so an attacker can change the structure of the query rather than only the value it compares, and thereby read, modify or delete data the application never meant to expose. This vulnerability is notable because it affects a different software component than the related CVE-2022-43671, indicating multiple points of injection within the ManageEngine suite. The CVSS v3.1 score of 9.8 reflects the high severity: the attack vector is network-based (AV:N), with no privileges required (PR:N) and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability (C:H/I:H/A:H), meaning an attacker can potentially extract sensitive data, modify or delete data, and disrupt service availability. Although no known exploits had been reported in the wild as of the publication date, the ease of exploitation and critical impact make this a significant threat. Zoho ManageEngine products are widely used for privileged access management and password management in enterprise environments, so a successful injection can expose the stored credentials that protect the rest of the estate. This record carries no patch links, but the description itself names the fixed builds: organizations should confirm their installed build number and upgrade to Password Manager Pro 12122, PAM360 5711, or Access Manager Plus 4306 or later.
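To make the CWE-89 mechanism concrete, the following is an added example written for this page; it is not code from the affected ManageEngine products and says nothing about where the real injection point is. It uses a constructed in-memory SQLite table standing in for a credential store, shows a login query built by string concatenation beside the same query with bound parameters, and runs the classic comment-out and UNION payloads against both.

```python
import sqlite3

# Constructed sample data: a stand-in for an application's user table,
# not data from any real product.
SAMPLE_USERS = [
    ("admin", "s3cret", "administrator"),
    ("alice", "hunter2", "operator"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """CWE-89: the caller's strings become part of the SQL text itself.

    A quote in the input ends the string literal early, so the attacker
    controls the rest of the statement (adding comments, UNIONs, tautologies).
    """
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Hardened form: the SQL text is a constant and values are bound.

    The driver sends the values out of band, so a quote or comment sequence
    in the input is compared as data and never parsed as SQL.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Hypothetical attacker inputs used only to exercise the two functions.
BYPASS_PAYLOAD = "admin' -- "                          # comments out the password check
DUMP_PAYLOAD = "x' UNION SELECT username, password FROM users -- "  # returns secrets as "role"


def demo() -> dict:
    """Run legitimate and malicious inputs through both implementations."""
    conn = build_db()
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "hunter2"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_PAYLOAD, "wrong"),
        "dump_vulnerable": sorted(login_vulnerable(conn, DUMP_PAYLOAD, "")),
        "legit_parameterized": login_parameterized(conn, "alice", "hunter2"),
        "bypass_parameterized": login_parameterized(conn, BYPASS_PAYLOAD, "wrong"),
        "dump_parameterized": login_parameterized(conn, DUMP_PAYLOAD, ""),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} -> {rows}")
```

With the concatenated query, `admin' -- ` logs in as the administrator without a password and the UNION payload returns every stored password in the `role` column; the parameterized version returns no rows for either payload because the whole string is compared against `username` as a value. Input filtering or a WAF can narrow the payloads that reach the query, but only the bound-parameter form removes the defect.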

Potential Impact

For European organizations, the impact of CVE-2022-43672 is substantial because of the critical role ManageEngine products play in managing privileged credentials and access controls. Exploitation could lead to unauthorized access to stored credentials, enabling lateral movement within networks, data breaches, and disruption of critical IT services. A breach of this kind would also bear on compliance with European data protection regulations such as GDPR, with legal and financial repercussions. Sectors with high security requirements such as finance, healthcare, government, and critical infrastructure are at increased risk. Compromise of a password management system undermines the security posture of the entire organization, potentially exposing it to espionage, ransomware, or sabotage. Because the vulnerability is network-exploitable and requires no authentication, attackers could remotely compromise vulnerable systems without prior access, which enlarges the attack surface for European enterprises, particularly where these consoles are reachable from the internet.

Mitigation Recommendations

European organizations should immediately check the installed build number of any Zoho ManageEngine Password Manager Pro, PAM360, or Access Manager Plus instance and upgrade to the fixed builds named in the description (Password Manager Pro 12122, PAM360 5711, Access Manager Plus 4306) or later. Until the upgrade is complete, restrict access to these management consoles to trusted IP ranges via firewalls or VPNs, and keep them off the public internet. A Web Application Firewall with SQL Injection rules can reduce exposure to opportunistic scanning, but WAF signatures are routinely bypassed with encoding and comment variations and are not a substitute for the upgrade. Monitor web-server and application logs for injection probes (quote characters followed by comment sequences, UNION SELECT, time-delay functions such as SLEEP) and for unexpected database error responses, which often precede a successful injection. Enforce least privilege for the database account the application uses and for the operator accounts that reach these systems, and require multi-factor authentication on the consoles. Internal penetration testing focused on these applications can surface residual exposure. Finally, maintain up-to-date backups and an incident response plan that includes rotating every credential stored in the vault if exploitation is confirmed, since a successful injection against a password manager must be treated as exposure of its contents.
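The first two steps above, build-number triage and log review, can be scripted. The following is an added example written for this page, not a tool from Zoho or from this database: it encodes the fixed builds from the CVE description, classifies an installed build as affected or not, and runs a small set of SQL injection indicators over constructed web-server access-log lines in Common Log Format. The detection patterns and the sample log lines are illustrative assumptions, not signatures tied to the real injection point.

```python
import re
from urllib.parse import unquote_plus

# Fixed builds named in the CVE description; any lower build is affected.
FIXED_BUILDS = {
    "Password Manager Pro": 12122,
    "PAM360": 5711,
    "Access Manager Plus": 4306,
}


def is_affected(product: str, build: int) -> bool:
    """Return True when the installed build predates the fixed build."""
    if product not in FIXED_BUILDS:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    return build < FIXED_BUILDS[product]


# Illustrative indicators of SQL injection probing in request parameters.
# Applied after URL-decoding, so encoded quotes and spaces are caught too.
SQLI_INDICATORS = [
    ("quote-then-comment", re.compile(r"'\s*(--|#|/\*)")),
    ("union-select", re.compile(r"\bunion\b.{0,20}\bselect\b", re.I)),
    ("time-delay", re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("tautology", re.compile(r"'\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+", re.I)),
]

# Common Log Format: client, ident, user, [timestamp], "METHOD path PROTO", status ...
CLF_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines for the demonstration (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2022:10:01:02 +0000] "GET /api/resources?name=server01 HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Nov/2022:10:01:09 +0000] '
    '"GET /api/resources?name=x%27%20UNION%20SELECT%20password%20FROM%20users--%20 HTTP/1.1" 500 120',
    '203.0.113.7 - - [12/Nov/2022:10:01:15 +0000] "GET /api/resources?name=x%27%20OR%201=1-- HTTP/1.1" 200 8192',
    '10.0.0.9 - - [12/Nov/2022:10:02:00 +0000] "POST /login HTTP/1.1" 302 0',
]


def flag_sqli(lines):
    """Return (client_ip, decoded_path, indicator, status) for suspicious requests.

    Only the request path and query string are inspected; POST bodies are not
    in access logs, so this catches GET-style probing and nothing more.
    """
    hits = []
    for line in lines:
        m = CLF_LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        decoded = unquote_plus(m.group("path"))
        for label, pattern in SQLI_INDICATORS:
            if pattern.search(decoded):
                hits.append((m.group("ip"), decoded, label, int(m.group("status"))))
                break  # one label per request is enough for triage
    return hits


if __name__ == "__main__":
    for product, build in [("PAM360", 5710), ("Password Manager Pro", 12122)]:
        print(f"{product} build {build}: {'AFFECTED' if is_affected(product, build) else 'fixed'}")
    for ip, path, label, status in flag_sqli(SAMPLE_LOG):
        print(f"{ip} {status} [{label}] {path}")
```

The 500 response beside the UNION probe in the sample is the kind of pairing worth alerting on: an injection attempt followed by a server error usually means the payload reached the query parser. Treat this as a triage aid, not a detector of record; a WAF or SIEM rule set should be broader, and the build check is the only part that is definitive.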


Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-24T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9839c4522896dcbecedb

Added to database: 5/21/2025, 9:09:13 AM

Last enriched: 7/2/2025, 2:41:04 AM

Last updated: 7/28/2025, 12:30:41 PM
