CVE-2022-43672: SQL Injection in Zoho ManageEngine Password Manager Pro, PAM360 and Access Manager Plus
Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671).
AI Analysis
Technical Summary
CVE-2022-43672 is a critical SQL Injection vulnerability affecting multiple Zoho ManageEngine products: Password Manager Pro versions before 12122, PAM360 versions before 5711, and Access Manager Plus versions before 4306. SQL Injection (CWE-89) occurs when untrusted input is placed into a SQL query without proper sanitization, letting an attacker alter the queries the application executes against its database. This vulnerability is notable because it lies in a different software component than the related CVE-2022-43671, indicating more than one injection point within the ManageEngine suite. The CVSS v3.1 score of 9.8 reflects critical severity: the attack vector is network-based (AV:N), and exploitation requires no privileges (PR:N) and no user interaction (UI:N). The impact covers confidentiality, integrity, and availability (C:H/I:H/A:H), so a successful attacker could extract sensitive data, modify or delete data, and disrupt service availability. Although no exploitation in the wild had been reported as of the publication date, the ease of exploitation and critical impact make this a significant threat. Zoho ManageEngine products are widely used for privileged access and password management in enterprise environments, which makes this vulnerability particularly dangerous if exploited. Because the provided data contains no patch links, organizations should confirm the fixed versions with the vendor and apply the corresponding patches or mitigations promptly.
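As an added illustration of the CWE-89 pattern described above (example code written for this page, not ManageEngine's code; the `accounts` schema, the `lookup_*` helpers and the sample rows are constructed), the following contrasts a query built by string concatenation with one that binds the same input as a parameter. The point for defenders is that the parameterized form treats the input purely as data, so the same crafted string that widens the concatenated query matches nothing.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table; not ManageEngine's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("db-admin", "alice"), ("backup-svc", "bob"), ("router-01", "carol")],
    )
    return conn


def lookup_vulnerable(conn, owner):
    """CWE-89: untrusted input is spliced into the SQL text itself."""
    sql = "SELECT name FROM accounts WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, owner):
    """Hardened form: the driver binds the value; input can never become SQL syntax."""
    sql = "SELECT name FROM accounts WHERE owner = ?"
    return sorted(row[0] for row in conn.execute(sql, (owner,)))


def demo():
    """Run both lookups against a benign value and a constructed malformed one."""
    conn = make_db()
    benign = "alice"
    # Constructed input that changes the logic of the concatenated query
    # (it closes the string literal and appends an always-true condition).
    crafted = "x' OR '1'='1"
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_crafted": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:20s} -> {rows}")
```

Running the block shows the concatenated query returning every row for the crafted input while the parameterized query returns none; the benign lookup behaves identically in both. The same binding discipline applies to any data-access layer, and is the code-level control that the WAF and network restrictions in the mitigation section can only approximate from the outside.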
Potential Impact
For European organizations, the impact of CVE-2022-43672 is substantial due to the critical role that ManageEngine products play in managing privileged credentials and access controls. Exploitation could lead to unauthorized access to sensitive credentials, enabling lateral movement within networks, data breaches, and potential disruption of critical IT services. This could affect compliance with stringent European data protection regulations such as GDPR, leading to legal and financial repercussions. Furthermore, sectors with high security requirements such as finance, healthcare, government, and critical infrastructure are at increased risk. The ability to compromise password management systems undermines the security posture of entire organizations, potentially exposing them to espionage, ransomware, or sabotage. Given the network-exploitable nature of the vulnerability and no requirement for authentication, attackers could remotely compromise vulnerable systems without prior access, increasing the threat surface for European enterprises.
Mitigation Recommendations
European organizations should immediately verify if they are running affected versions of Zoho ManageEngine Password Manager Pro, PAM360, or Access Manager Plus. They must apply the latest patches provided by Zoho as soon as they become available. In the absence of patches, organizations should implement network-level controls such as restricting access to these management consoles to trusted IP addresses via firewalls or VPNs. Employing Web Application Firewalls (WAFs) with SQL Injection detection and prevention rules can help mitigate exploitation attempts. Regularly auditing and monitoring logs for unusual database query patterns or access attempts can provide early detection of exploitation. Additionally, organizations should enforce the principle of least privilege for accounts accessing these systems and consider multi-factor authentication to reduce risk. Conducting internal penetration testing focused on these applications can help identify residual risks. Finally, maintaining up-to-date backups and incident response plans will aid in recovery if exploitation occurs.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-24T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9839c4522896dcbecedb
Added to database: 5/21/2025, 9:09:13 AM
Last enriched: 7/2/2025, 2:41:04 AM
Last updated: 8/14/2025, 8:48:25 AM
Views: 10
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)