CVE-2022-40300

CVE Database · CVE-2022-40300

CVE-2022-40300

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.27%

Published

Sep 16, 2022

Modified

Nov 6, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89

Affected Products (315)

zohocorp · manageengine_access_manager_plusvulnerable

zohocorp · manageengine_access_manager_plus

References (2)

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html

PatchVendor Advisory

https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs

zohocorp · manageengine_access_manager_plusvulnerable

zohocorp · manageengine_pam360vulnerable

zohocorp · manageengine_password_manager_provulnerable