CVE-2021-42002

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

9.8CRITICAL

EPSS

9.3%

top 7.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Admanager Plus

Timeline

PublishedNov 11

Latest updateMay 24

Description

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_admanager_plus< 7.1+1

🔴Vulnerability Details

GHSA

GHSA-wxvp-5pm4-8849: Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution↗2022-05-24

▶

CVEList

CVE-2021-42002: Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution↗2021-11-11

▶