📦 Manageengine Pam360

This vulnerability allows unauthenticated attackers to execute arbitrary code on Zoho ManageEngine Password Manager Pro and PAM360 systems through Java deserialization in XML-RPC endpoints. It also af...

This vulnerability allows attackers to bypass access controls on specific REST API endpoints in Zoho ManageEngine products by using '../RestAPI' in URLs. Affected organizations using vulnerable versio...

This vulnerability allows attackers to bypass authorization controls in ManageEngine's privileged access management products when initiating remote sessions. Attackers could gain unauthorized access t...

This vulnerability allows authenticated attackers to execute arbitrary SQL commands via the global search feature in ManageEngine Password Manager Pro and PAM360. Attackers could potentially access, m...

CVE-2024-27312 is an authorization vulnerability in ManageEngine PAM360 version 6601 that allows low-privileged users to perform administrative actions. This affects only PAM360 6600 version installat...

This vulnerability involves hardcoded static credentials in PostgreSQL data used by ManageEngine Access Manager Plus, Password Manager Pro, and PAM360. Attackers can exploit these credentials to modif...