vulnerability
Zoho ManageEngine PAM360: CVE-2022-35405: Unauthenticated Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 23, 2022 | Jul 2, 2025 | Mar 27, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 23, 2022
Added
Jul 2, 2025
Modified
Mar 27, 2026
Description
An unauthenticated remote code execution vulnerability PAM360 Password Manager Pro and Access Manager Plus products due to the vulnerable dependency.
Solution
zoho-manageengine-pam360-upgrade-latest
References
- CWE-502
- CVE-2022-35405
- https://attackerkb.com/topics/CVE-2022-35405
- http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html
- https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-38295
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.