CVE-2022-35405
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
99.9%
p100
KEV
YES
Sep 22, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.9%EPSS · 30 days99.9%
2026-06-302026-07-16
Product
Zoho / ManageEngine
Vulnerability
Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability
Added to KEV
Sep 22, 2022
Remediate by
Oct 13, 2022
Known ransomware use
No
Summary description
Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.
Required action
Apply updates per vendor instructions.
Notes
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html; https://nvd.nist.gov/vuln/detail/CVE-2022-35405
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2022-47966—100.0%
KEV—80Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability—CVE-2020-10189—100.0%
KEV—80Zoho ManageEngine Desktop Central File Upload Vulnerability—CVE-2021-40539—99.9%
KEV—80Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability—CVE-2022-28810—99.3%
KEV—80Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability—CVE-2019-8394—99.1%
KEV—80Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability—