CVE-2023-2291

CVSS 7.8 HIGHEPSS 0.8%CWE-798

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.8EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

26 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · Zoho ManageEngine Multiple Products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tenable.com/security/research/tra-2023-16