CVE-2021-44650

3 documents3 sources

Severity

7.2HIGH

EPSS

4.6%

top 10.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine M365 Manager Plus

Timeline

PublishedJan 12

Latest updateJan 13

Description

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_m365_manager_plus< 4.4+1

🔴Vulnerability Details

GHSA

GHSA-r94f-5mf3-7vp2: Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and↗2022-01-13

▶

CVEList

CVE-2021-44650: Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and↗2022-01-12

▶