cvedb.io
CVE-2023-2291
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2023-04-26T21:15:09.037 · Last modified 2026-06-17T05:52:12.563

Summary

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.

Affected products

zohocorp — manageengine_access_manager_plus

Does this affect you?

Add your gear to cvedb and we'll alert you only when zohocorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.