This week, Zoho released patches for ManageEngine Password Manager Pro, PAM360, and Access Manager Plus that address a high-severity SQL injection vulnerability.
Providing management capabilities for endpoints, enterprise services, identity and access, IT operations, and security information and events is ManageEngine, an enterprise software solution. The security flaw, identified as CVE-2022-47523, could give attackers access to database table entries by enabling them to run custom queries.
Password Manager Pro, PAM360, and Access Manager Plus have a SQL Injection vulnerability (CVE-2022-47523). By including proper validation and escaping special characters, we were able to resolve this issue, according to Zoho.