1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability

Known Exploited Vulnerabilities CVE-2022-35405

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-35405 Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability exploitation_technique T1059 Command and Scripting Interpreter
Comments
CVE-2022-35405 is an unauthenticated remote code execution vulnerability as a result of deserialization.
References
  1. https://web.archive.org/web/20220906183444/https://www.bigous.me/2022/09/06/CVE-2022-35405.html