Severity : Medium
CVE ID : CVE-2022-35404
An unauthenticated file/directory creation vulnerability (CVE-2022-35404) was reported in Password Manager Pro, PAM360 and Access Manager Plus. This vulnerability allows an adversary to create arbitrary directories and multiple small-sized files in the installation server.
|Product Name||Affected Version(s)||Fixed Version(s)||Fixed On|
|Password Manager Pro||12100 and below||12101||24-06-2022|
|PAM360||5500 and below||5510||23-06-2022|
|Access Manager Plus||4302 and below||4303||24-06-2022|
We fixed this issue by adding appropriate authentication checks in our server side source code, where we create and assign a unique token for every auto logon session, and validate the tokens before initiating a session.
This vulnerability allows adversaries to multiple create arbitrary directories and files in the installation servers, which can ultimately impact the storage capacity of the servers.
Reported by Katie (Tenable).
Please contact the product support for further details at the below mentioned email addresses:
Password Manager Pro: firstname.lastname@example.org
Access Manager Plus: email@example.com