Product Name | Affected Version(s) | Fixed Version(s) | Fixed on |
Access Manager Plus | 4305 and below | 4306 | 23/10/2022 |
Password Manager Pro | 12121 and below | 12122 | 21/10/2022 |
PAM360 | 5710 and below | 5711 | 22/10/2022 |
Details
1. SQL injection vulnerabilities. These vulnerabilities can allow an adversary to execute custom queries and access the database table entries using the vulnerable request.
2. Sensitive Information Disclosure was observed in personal password export in PAM360 and Password Manager Pro. This has been fixed by removing the exported file containing passwords from the server once the user has downloaded it
Impact
1. The SQL Injection vulnerabilities could allow adversaries to execute custom queries and access the database table entries using the vulnerable request.
2. Any user who has access to Password Manager Pro/PAM360 installation directory can view the exported personal data.
What should you do?
The latest version of Password Manager Pro, PAM360 and Access Manager Plus holds the recommended mitigation targeting the vulnerabilities. We recommend users upgrade to the latest build.
Steps to upgrade
Download the latest service pack from the following links provided below
Access Manager Plus
https://www.manageengine.com/privileged-session-management/upgradepack.html
PAM360
https://www.manageengine.com/privileged-access-management/upgradepack.html
Password Manager Pro
https://www.manageengine.com/products/passwordmanagerpro/upgradepack.html
Apply the latest build to your existing product installation as per the upgrade pack instructions in the links provided above.
Important Note: Don’t forget to make a backup of your installation folder before you upgrade and keep the backup in a separate location. If anything goes wrong, you will have this copy as a backup which will keep all your settings intact. If you’re using an MS SQL server as the back-end database, back up the application database before upgrading. Once the upgrade is successfully completed, remember to delete the backup.
For more information or if you have any questions/concerns feel free to contact us
This article is relevant to:
IT SecurityManageEngineSecurity AdvisoryOther recent articles in the same category
You may be interested in these other recent articles
Stay Ahead with the Latest Updates for ADSelfService Plus
24 June 2025
Discover the latest ADSelfService Plus updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ManageEngine OpManager
20 June 2025
Discover the latest OpManager updates, including new features, fixes, and enhancements.
Read moreLatest Updates for ManageEngine ServiceDesk Plus Cloud
Discover the latest ServiceDesk Plus Cloud updates, including new features, fixes, and enhancements.
Read moreStay Ahead with the Latest Updates for ManageEngine Analytics Plus
19 June 2025
Discover the latest ManageEngine Analytics Plus updates, including new features, fixes, and enhancements.
Read moreSecurity Advisory – Important Security Update For PAM360
Product Name Affected Version(s) PAM360 7500 PAM360 MSP 7410 DetailsIn build 7410 of PAM360 MSP, ManageEngine rolled out an enhancement to granularly mask/unmask shared passwords…
Read more