Issues Fixed

ManageEngine Password Manager Pro

List of vulnerabilities reported and fixed:

| Sl. No. | Vulnerability Description | Date of Reporting | Patch Release (version) and Public Disclosure | Associated CVE IDs |
|---|---|---|---|---|
| 1 | Cross-Site Request Forgery vulnerability. This vulnerability could be exploited by Password Manager Pro users while remaining authenticated, provided the user has knowledge of PMP's URL construction pattern and the various parameters needed to craft forged requests. This could be exploited only by forging the URL and not through inputs in the GUI. | June 2015 | June 2016, v8500 | JVNVU#95113461, CVE-2016-1161 (Reported by: CSIRT, Excellium Services) |
| 2 | While viewing old passwords from password history, it was possible for a password user to retrieve the password history of unshared passwords by manipulating the request URL. | February 23, 2016 | April 2016, v8403 | CVE-2016-1159 (Reported by: CSIRT, Excellium Services) |
| 3 | A SQL injection vulnerability identified in the advanced search module of PMP has been fixed. | June 2015 | July 2015, v8101 | CVE-2015-5459 |
| 4 | An XML external entity injection identified in the XMLRPC API has been fixed. | May 2014 | May 2015, v8000 | - |
| 5 | A SQL injection identified in the PMP web application has been fixed. | October 27, 2014 | November 2014, v7105 | CVE-2014-8499 |
| 6 | A clickjacking vulnerability identified in the PMP web application has been fixed. | October 27, 2014 | November 2014, v7105 | - |
| 7 | A filename Denial of Service vulnerability identified in PMP has been fixed. | February 2014 | September 2014, v7103 | CVE-2014-9372 |
| 8 | Fixed a backdoor issue through which SQL injection was possible in PMP. | June 2014 | June 2014, v7003 | CVE-2014-3997, CVE-2014-3996 |
| 9 | A possible XSS vulnerability (which can be triggered during authentication) was identified in PMP v7001. This has been fixed. | March 20, 2014 | April 2014, v7002 | - |
| 10 | PMP v7001 was found to have a directory traversal vulnerability. This has been fixed by updating the RDP gateway. | March 20, 2014 | April 2014, v7002 | - |
