CVE-2021-37761

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICAL

EPSS

37.4%

top 2.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Admanager Plus

Timeline

PublishedSep 27

Latest updateMay 24

Description

Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_admanager_plus< 7.1+1

🔴Vulnerability Details

GHSA

GHSA-69r8-v874-fjmf: Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution↗2022-05-24

▶

CVEList

CVE-2021-37761: Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution↗2021-09-27

▶