ManageEngine Password Manager Pro Multiple Vulnerabilities

Medium4

Details

Multiple vulnerabilities were identified in ManageEngine Password Manager Pro. A remote attacker could exploit some of these vulnerabilities to trigger security restriction bypass, data manipulation, cross-site scripting and sensitive information disclosure on the targeted system.

Impact

Information Disclosure
Data Manipulation
Cross-Site Scripting
Security Restriction Bypass

System / Technologies affected

ManageEngine Password Manager Pro prior to version 12.4 (Build-12420)

Solutions

Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:

Update to version 12.4 (Build-12420) or later

Vulnerability Identifier

CVE-2023-48795

Reference

https://www.manageengine.com/products/passwordmanagerpro/release-notes.html#20240301-144340

https://www.hkcert.org/security-bulletin/manageengine-password-manager-pro-multiple-vulnerabilities_20240304

Details

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Reference

Chinese Government Moving Away from Intel and AMD Chips

iPhone Rumored to Feature Baidu AI Chatbot in China

F5 Products Denial of Service Vulnerability

Details

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Reference

Chinese Government Moving Away from Intel and AMD Chips

Windows Notepad to Receive Spelling Check and Auto-Correction Features

iPhone Rumored to Feature Baidu AI Chatbot in China

F5 Products Denial of Service Vulnerability

US Department of Justice and 16 States Sue Apple for Smartphone Market Monopoly