CVE-2021-44525

CWE-287 — Improper Authentication CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 31.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Pam360

Timeline

PublishedDec 20

Latest updateDec 21

Description

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_pam3607 versions+6

🔴Vulnerability Details

GHSA

GHSA-v79c-w8qr-chq9: Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentic↗2021-12-21

▶

CVEList

CVE-2021-44525: Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentic↗2021-12-20

▶