Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Multiple ManageEngine Products
Alerts

Critical Vulnerability in Multiple ManageEngine Products

5 January 2023

Zoho has released security updates to address a critical vulnerability (CVE-2022-47523) in multiple ManageEngine products.

Successful exploitation of the Standard Query Language injection (SQLi) vulnerability could allow attackers to execute custom queries to access database table entries.

The vulnerability affects the following products:

  • Password Manager Pro (versions 12200 and below)

  • PAM360 (versions 5801 and below)

  • Access Manager Plus (versions 4308 and below)

Administrators and users of the affected product versions are advised to upgrade to the latest versions immediately.

More information is available here:

https://www.manageengine.com/privileged-session-management/advisory/cve-2022-47523.html
https://www.bleepingcomputer.com/news/security/zoho-urges-admins-to-patch-critical-manageengine-bug-immediately/

Back to top