ManageEngine PAM360 and Password Manager Pro Authenticated SQL Injection Vulnerability

Vulnerability

A high-severity authenticated SQL injection vulnerability has been identified in ManageEngine PAM360 versions prior to 8531 and in ManageEngine Password Manager Pro versions from 8600 to 13230. The vulnerability exists in the query report module and allows an adversary holding the Password Auditor role to execute custom SQL queries against the product database. This can lead to escalation of privileges to the Privileged Administrator role, enabling the execution of sensitive actions.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, with potential escalation of privileges to a Privileged Administrator role, where sensitive actions can be performed.

Remediation

Upgrade to ManageEngine Password Manager Pro version 13231 or ManageEngine PAM360 version 8531, or later. Instructions for downloading the latest upgrade packs are available on the ManageEngine website.

Added: Apr 16, 2026, 2:24 PM
Updated: Apr 16, 2026, 2:24 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          0.3
impact          3.1
exploitability  4.9
remediation     7.7
relevance       6.0
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.