BEST OF THE WEB

Zoho fixes CVE-2022-47523 vulnerability

Following the discovery of a severe SQL injection (SQLi) vulnerability tagged CVE-2022-47523, enterprise software provider Zoho has urged customers to upgrade to the most recent versions of Access Manager Plus, PAM360, and Password Manager Pro.

Access Manager Plus versions 4308 and lower, PAM360 versions 5800 and lower, and Password Manager Pro versions 12200 and lower are all affected. It is of high severity and allows an adversary to execute custom queries and access database table entries via the vulnerable request. After successful exploitation, attackers have unauthenticated access to the backend database and can run custom queries to access database table entries.

Administrators and users of the affected product versions are urged to upgrade to the most recent versions as soon as possible. Zoho claims to have resolved the issue last month by escaping special characters and implementing proper validation.

According to the company, “given the severity of this vulnerability, customers are strongly advised to immediately upgrade to the latest build of PAM360, Password Manager Pro, and Access Manager Plus.”

Users are advised to download the latest upgrade pack for the product to upgrade and immediately patch the vulnerability. Then, follow the upgrade pack instructions in the above links to apply the latest build to the existing product installation.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staffhttp://www.itworldcanada.com/
The online resource for Canadian Information Technology professionals.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web