ManageEngine PAM360, Password Manager Pro, and Access Manager Plus Authorization Vulnerability in Remote Session Initiation

Vulnerability

An authorization vulnerability has been identified in ManageEngine PAM360 (versions prior to 8202), Password Manager Pro (versions prior to 13221), and Access Manager Plus (versions prior to 4401). This vulnerability allows authenticated users to initiate remote sessions to any resource managed by these applications. The issue arises only if the resources are accessible from the server where the application is installed.

Impact

Exploiting this vulnerability lets an authenticated user initiate remote sessions, without authorization, on resources managed by the affected application.

Remediation

Users can upgrade to the latest version of PAM360, Password Manager Pro, or Access Manager Plus. Upgrade packs are available on the ManageEngine website. For further assistance, contact ManageEngine product support via email.
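For triage on an installation that ran an affected build, the following added example (not ManageEngine code) checks a build number against the fixed builds listed above and flags remote-session records whose user had no entitlement to the target resource. The CSV column layout, the sample rows, the build number 13200 and the function names are constructed for illustration and are not the products' export format; entitlements are assumed to be already flattened to user/resource pairs.

```python
import csv
import io

# Fixed builds as stated in the advisory above.
FIXED_BUILD = {"PAM360": 8202, "Password Manager Pro": 13221, "Access Manager Plus": 4401}


def is_affected(product, build):
    """True when the installed build predates the fixed build for that product."""
    return build < FIXED_BUILD[product]


def unentitled_sessions(session_csv, entitlement_csv):
    """Return session rows whose (user, resource) pair has no entitlement row."""
    entitled = {(r["user"].lower(), r["resource"].lower())
                for r in csv.DictReader(io.StringIO(entitlement_csv))}
    return [s for s in csv.DictReader(io.StringIO(session_csv))
            if (s["user"].lower(), s["resource"].lower()) not in entitled]


# Constructed sample data; the column layout is hypothetical, not a product export format.
ENTITLEMENTS = """user,resource
alice,db-prod-01
alice,web-01
bob,web-01
"""
SESSIONS = """time,user,resource,protocol
2026-01-10T09:12:00Z,alice,db-prod-01,SSH
2026-01-10T09:40:00Z,bob,web-01,RDP
2026-01-11T23:05:00Z,bob,DB-PROD-01,SSH
2026-01-12T02:17:00Z,carol,dc-01,RDP
"""

if __name__ == "__main__":
    if is_affected("Password Manager Pro", 13200):  # 13200 is a constructed build number
        for s in unentitled_sessions(SESSIONS, ENTITLEMENTS):
            print(f'{s["time"]} {s["user"]} -> {s["resource"]} ({s["protocol"]}): no entitlement')
```

Sessions flagged this way are candidates for review rather than confirmed abuse, since an entitlement may have been revoked after the session took place.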

Added: Jan 13, 2026, 2:40 PM
Updated: Jan 13, 2026, 2:40 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.