Lucene search

[email protected]CVE-2020-21642

HistoryAug 15, 2022 - 8:15 p.m.

CVE-2020-21642

2022-08-1520:15:08

CWE-22

[email protected]

web.nvd.nist.gov

cve-2020-21642

directory traversal

zoho manageengine

analytics plus

vulnerability

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

JSON

Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

Affected configurations

NVD

Node

zohocorpmanageengine_analytics_plusMatch2.9build2900

zohocorpmanageengine_analytics_plusMatch2.9build2901

zohocorpmanageengine_analytics_plusMatch2.9build2902

zohocorpmanageengine_analytics_plusMatch2.9build2903

zohocorpmanageengine_analytics_plusMatch2.9build2904

zohocorpmanageengine_analytics_plusMatch2.9build2905

zohocorpmanageengine_analytics_plusMatch2.9build2906

zohocorpmanageengine_analytics_plusMatch2.9build2907

zohocorpmanageengine_analytics_plusMatch3.0build3000

zohocorpmanageengine_analytics_plusMatch3.0build3010

zohocorpmanageengine_analytics_plusMatch3.0build3020

zohocorpmanageengine_analytics_plusMatch3.0build3030

zohocorpmanageengine_analytics_plusMatch3.0build3040

zohocorpmanageengine_analytics_plusMatch3.0build3050

zohocorpmanageengine_analytics_plusMatch3.1build3100

zohocorpmanageengine_analytics_plusMatch3.1build3110

zohocorpmanageengine_analytics_plusMatch3.1build3120

zohocorpmanageengine_analytics_plusMatch3.1build3130

zohocorpmanageengine_analytics_plusMatch3.1build3140

zohocorpmanageengine_analytics_plusMatch3.2build3200

zohocorpmanageengine_analytics_plusMatch3.2build3250

zohocorpmanageengine_analytics_plusMatch3.3build3300

zohocorpmanageengine_analytics_plusMatch3.3build3310

zohocorpmanageengine_analytics_plusMatch3.4build3400

zohocorpmanageengine_analytics_plusMatch3.4build3450

zohocorpmanageengine_analytics_plusMatch3.5build3500

zohocorpmanageengine_analytics_plusMatch3.6build3600

zohocorpmanageengine_analytics_plusMatch3.7build3700

zohocorpmanageengine_analytics_plusMatch3.8build3800

zohocorpmanageengine_analytics_plusMatch3.9build3900

zohocorpmanageengine_analytics_plusMatch3.9build3950

zohocorpmanageengine_analytics_plusMatch4.0build4000

zohocorpmanageengine_analytics_plusMatch4.1build4100

zohocorpmanageengine_analytics_plusMatch4.1build4150

zohocorpmanageengine_analytics_plusMatch4.2build4200

zohocorpmanageengine_analytics_plusMatch4.2build4250

zohocorpmanageengine_analytics_plusMatch4.2build4260

zohocorpmanageengine_analytics_plusMatch4.2build4270

zohocorpmanageengine_analytics_plusMatch4.2build4280

zohocorpmanageengine_analytics_plusMatch4.3build4300

zohocorpmanageengine_analytics_plusMatch4.3build4310

CPENameOperatorVersion
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq2.9
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.0
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.1
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.2
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.3
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.4
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.5
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.6
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.7
zohocorp:manageengine_analytics_pluszohocorp manageengine analytics pluseq3.8

CPE	Name	Operator	Version
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	2.9
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.0
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.1
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.2
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.3
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.4
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.5
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.6
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.7
zohocorp:manageengine_analytics_plus	zohocorp manageengine analytics plus	eq	3.8

Rows per page:

1-10 of 151

References

www.manageengine.com/analytics-plus/release-notes.html

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for CVE-2020-21642

prion1 nvd1 cvelist1