SQL Injection Vulnerability in Multiple ManageEngine...

SQL Injection Vulnerability in Multiple ManageEngine Products (CVE-2022-47523)

On December 29, ManageEngine disclosed a high-severity SQL injection vulnerability in its Password Manager Pro, PAM360 and Access Manager Plus products. These three products have been targeted in the past by attackers and over the last three years, attackers have set their sights on a variety of ManageEngine products including DesktopCentral, ServiceDesk Plus, ADSelfService Plus.

For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

SQL Injection Vulnerability in Multiple ManageEngine...

Recent Discussions

Investigating: Cl0p Reportedly Breached Oracle E-Business Suite (EBS) Systems

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

Americas

Europe

Asia / Australia