CVE-2021-44676

CWE-287 — Improper Authentication CWE-668 — Exposure to Wrong Sphere3 documents3 sources

Severity

9.8CRITICAL

EPSS

7.7%

top 8.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zohocorp Manageengine Access Manager Plus

Timeline

PublishedDec 20

Latest updateDec 21

Description

Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDzohocorp/manageengine_access_manager_plus4.1, 4.2+1

🔴Vulnerability Details

GHSA

GHSA-j9j7-wv39-5xc4: Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e↗2021-12-21

▶

CVEList

CVE-2021-44676: Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e↗2021-12-20

▶