Skip to main content

Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

ManageEngine Password Manager Pro Multiple Vulnerabilities

Release Date: 13 May 2024 1601 Views

RISK: Medium Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

Multiple vulnerabilities were identified in ManageEngine Password Manager Pro. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, sensitive information disclosure, cross-site scripting and security restriction bypass on the targeted system.


Impact

  • Information Disclosure
  • Elevation of Privilege
  • Cross-Site Scripting
  • Security Restriction Bypass

System / Technologies affected

  • ManageEngine Password Manager Pro prior to version 12.4 (Build-12430)

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

  • Update to version 12.4 (Build-12430) or later

Vulnerability Identifier

  • No CVE information is available

Source


Related Link