vulnerability
Zoho ManageEngine PAM360: CVE-2022-35405: Unauthenticated Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jun 23, 2022 | Jul 2, 2025 | Mar 27, 2026 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jun 23, 2022
Added
Jul 2, 2025
Modified
Mar 27, 2026
Description
An unauthenticated remote code execution vulnerability PAM360 Password Manager Pro and Access Manager Plus products due to the vulnerable dependency.
Solution
zoho-manageengine-pam360-upgrade-latest
References
- CWE-502
- CVE-2022-35405
- https://attackerkb.com/topics/CVE-2022-35405
- http://packetstormsecurity.com/files/167918/Zoho-Password-Manager-Pro-XML-RPC-Java-Deserialization.html
- https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-38295
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.