CVE-2021-44651

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.8HIGH
EPSS
7.8%
top 8.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zohocorp Manageengine Cloud Security PlusZohocorp Log360
Timeline
PublishedJan 12
Latest updateJan 13

Description

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDzohocorp/log3605.2.2

🔴Vulnerability Details

2
GHSA
GHSA-493v-3fmc-pc4p: Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper2022-01-13
CVEList
CVE-2021-44651: Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper2022-01-12
CVE-2021-44651 (HIGH CVSS 8.8) | Zoho ManageEngine CloudSecurityPlus | cvebase.io