CVE-2020-21642

CWE-22Path Traversal3 documents3 sources
Severity
9.8CRITICAL
EPSS
7.1%
top 8.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zohocorp Manageengine Analytics Plus
Timeline
PublishedAug 15
Latest updateAug 16

Description

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-c2h4-63xc-8qh6: Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attacker2022-08-16
CVEList
CVE-2020-21642: Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attacker2022-08-15
CVE-2020-21642 (CRITICAL CVSS 9.8) | Directory Traversal vulnerability Z | cvebase.io