Resources Security Bulletin Sedara Security Bulletin: Zoho ManageEngine Security Flaw

Sedara Security Bulletin: Zoho ManageEngine Security Flaw

Security Bulletin


Zoho ManageEngine has released an advisory of a high-severity security flaw that affects multiple credential management products in the ManageEngine family.

The bug has been published under CVE-2022-47523.

This vulnerability grants access to the backend database of these products to an authenticated attacker. It is a SQL injection vulnerability. Exploiting it allows the attacker to run custom queries against any entries in the backend database. This vulnerability cannot be exploited by unauthenticated users.


  • If your organization uses PAM360, Password Manager Pro, or Access Manager Plus, we strongly recommend you upgrade to the latest build immediately. The following versions are vulnerable:
    • Password Manager Pro version 12200 and below
    • PAM360 version 5800 and below
    • Access Manager Plus version 4308 and below
  • Enforce strong password policies and MFA whenever possible to prevent credentials from being exploited by attackers.

More Reading on this vulnerability:

Want Help With a Security Incident?

Sedara can help your organization assess and address vulnerabilities and provide insight that prevents future incidents.

Get Future Compromise Alerts – Join Sedara Declassified

Subscribe to Sedara Declassified to get timely updates on new and evolving threats – and what to do about them – just like our clients do. And of course, if we can help you with anything directly, feel free to reach out.


Accomplish your security & compliance goals.

Get a Demo