CVE-2024-5546

8.3 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to execute arbitrary SQL commands via the global search feature in ManageEngine Password Manager Pro and PAM360. Attackers could potentially access, modify, or delete sensitive password management data. Organizations using affected versions of these products are at risk.

💻 Affected Systems

Products:
  • ManageEngine Password Manager Pro
  • ManageEngine PAM360
Versions: Password Manager Pro versions before 12431, PAM360 versions before 7001
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the web interface. The global search feature is typically available to users with appropriate permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the password management database, allowing attackers to exfiltrate all stored credentials, modify access controls, or delete critical authentication data.

🟠 Likely Case

Unauthorized access to sensitive password data, credential theft, and potential lateral movement within the network using stolen credentials.

🟢 If Mitigated

Limited data exposure if proper network segmentation and access controls prevent attackers from reaching the vulnerable interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid user credentials. SQL injection via search functionality is typically straightforward for attackers with basic SQL knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Password Manager Pro 12431 or later, PAM360 7001 or later

Vendor Advisory: https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2024-5546.html

Restart Required: Yes

Instructions:

1. Download the latest version from the ManageEngine website
2. Backup your current installation and database
3. Stop the ManageEngine service
4. Install the update following vendor instructions
5. Restart the service and verify functionality

🔧 Temporary Workarounds

Disable Global Search (all)

Temporarily disable the global search feature to prevent exploitation while patching.

Restrict Access (all)

Limit network access to the ManageEngine web interface to only trusted IP addresses.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the ManageEngine server from untrusted networks
  • Enforce strong authentication policies and monitor for suspicious user activity

🔍 How to Verify

Check if Vulnerable:

Check the product version in the web interface under Help > About. For Password Manager Pro, the installation is vulnerable if the version is below 12431. For PAM360, it is vulnerable if the version is below 7001.

Check Version:

Check via the web interface under Help > About, or check the installation directory for version files.

Verify Fix Applied:

After updating, confirm the version shows 12431 or higher for Password Manager Pro, or 7001 or higher for PAM360.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in application logs
  • Multiple failed search attempts with special characters
  • User accounts performing unexpected global searches

Network Indicators:

  • Unusual database connections from the application server
  • Large data transfers following search requests

SIEM Query:

source="manageengine*" AND ("global search" OR "search") AND (sql OR "'" OR "--" OR ";")
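As an added example, not taken from the advisory or from ManageEngine, the script below applies the indicator logic of the SIEM query above (the keyword "sql", a single quote, "--" and ";" in search terms) to constructed web-access log lines, and also flags unusually large responses following a search request. The log format, the /app/globalsearch path, the search parameter name, the user names and the 50,000-byte response threshold are all assumptions made for the example.

```python
"""Added example (not from the advisory page or the vendor): flag web-access
log entries in which a global-search request carries the SQL metacharacters
the advisory lists as log indicators, and note large responses that follow
a search request. Log format, path, parameter name and threshold are assumed."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common-log-like format (assumed, not the
# product's real format). The first two are benign; the last two carry
# characters the advisory lists as indicators.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Jun/2024:10:01:02 +0000] "GET /app/globalsearch?search=prod-db HTTP/1.1" 200 512
10.0.0.5 - alice [12/Jun/2024:10:01:09 +0000] "GET /app/globalsearch?search=mail%20server HTTP/1.1" 200 480
10.0.0.9 - bob [12/Jun/2024:10:02:30 +0000] "GET /app/globalsearch?search=x%27-- HTTP/1.1" 200 91344
10.0.0.9 - bob [12/Jun/2024:10:02:31 +0000] "GET /app/globalsearch?search=x%27%3B%20select HTTP/1.1" 500 120
"""

# Regex for the assumed log format: client ip, ident, user, timestamp,
# request line, status, response size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)

# Indicators taken from the advisory's SIEM query.
SQLI_INDICATORS = ("sql", "'", "--", ";")

# Assumed threshold for "large data transfers following search requests".
LARGE_RESPONSE_BYTES = 50_000


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs percent-decodes values, so "%27--" becomes "'--".
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec


def suspicious_indicators(value):
    """Return the indicators (in SQLI_INDICATORS order) present in a search term."""
    lower = value.lower()
    return [ind for ind in SQLI_INDICATORS if ind in lower]


def flag_search_events(log_text, search_param="search"):
    """Return one record per search request whose term carries an indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or search_param not in rec["params"]:
            continue
        for value in rec["params"][search_param]:
            found = suspicious_indicators(value)
            if found:
                hits.append({
                    "user": rec["user"],
                    "ip": rec["ip"],
                    "term": value,
                    "indicators": found,
                    "status": rec["status"],
                    "bytes": rec["size"],
                    "large_response": rec["size"] > LARGE_RESPONSE_BYTES,
                })
    return hits


def summarize_by_user(hits):
    """Count flagged searches per user: the 'accounts performing unexpected
    global searches' indicator from the advisory."""
    counts = {}
    for h in hits:
        counts[h["user"]] = counts.get(h["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in flag_search_events(SAMPLE_LOG):
        print(h)
    print(summarize_by_user(flag_search_events(SAMPLE_LOG)))
```

On the constructed sample the two requests from bob are flagged (one for a quote plus comment sequence with an oversized response, one for a quote plus statement separator), while alice's ordinary searches, including the hyphen in "prod-db", are not. In a real deployment the path, parameter name and size threshold would have to be taken from the product's own access logs rather than from these assumptions.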
