Zoho fixes CVE-2022-47523 vulnerability

Share post:

Following the discovery of a severe SQL injection (SQLi) vulnerability tagged CVE-2022-47523, enterprise software provider Zoho has urged customers to upgrade to the most recent versions of Access Manager Plus, PAM360, and Password Manager Pro.

Access Manager Plus versions 4308 and lower, PAM360 versions 5800 and lower, and Password Manager Pro versions 12200 and lower are all affected. It is of high severity and allows an adversary to execute custom queries and access database table entries via the vulnerable request. After successful exploitation, attackers have unauthenticated access to the backend database and can run custom queries to access database table entries.

Administrators and users of the affected product versions are urged to upgrade to the most recent versions as soon as possible. Zoho claims to have resolved the issue last month by escaping special characters and implementing proper validation.

According to the company, “given the severity of this vulnerability, customers are strongly advised to immediately upgrade to the latest build of PAM360, Password Manager Pro, and Access Manager Plus.”

Users are advised to download the latest upgrade pack for the product to upgrade and immediately patch the vulnerability. Then, follow the upgrade pack instructions in the above links to apply the latest build to the existing product installation.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways