Lucene search

[email protected]CVE-2021-40173

HistoryAug 29, 2021 - 8:15 p.m.

CVE-2021-40173

2021-08-2920:15:07

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-40173

zoho

manageengine

cloud security plus

build 4117

csrf

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.7%

JSON

Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.

Affected configurations

NVD

Node

zohocorpmanageengine_cloud_security_plusRange≤4.0

zohocorpmanageengine_cloud_security_plusMatch4.14100

zohocorpmanageengine_cloud_security_plusMatch4.14101

zohocorpmanageengine_cloud_security_plusMatch4.14102

zohocorpmanageengine_cloud_security_plusMatch4.14103

zohocorpmanageengine_cloud_security_plusMatch4.14104

zohocorpmanageengine_cloud_security_plusMatch4.14105

zohocorpmanageengine_cloud_security_plusMatch4.14106

zohocorpmanageengine_cloud_security_plusMatch4.14107

zohocorpmanageengine_cloud_security_plusMatch4.14108

zohocorpmanageengine_cloud_security_plusMatch4.14109

zohocorpmanageengine_cloud_security_plusMatch4.14110

zohocorpmanageengine_cloud_security_plusMatch4.14111

zohocorpmanageengine_cloud_security_plusMatch4.14112

zohocorpmanageengine_cloud_security_plusMatch4.14113

zohocorpmanageengine_cloud_security_plusMatch4.14115

zohocorpmanageengine_cloud_security_plusMatch4.14116

CPENameOperatorVersion
zohocorp:manageengine_cloud_security_pluszohocorp manageengine cloud security plusle4.0
zohocorp:manageengine_cloud_security_pluszohocorp manageengine cloud security pluseq4.1

CPE	Name	Operator	Version
zohocorp:manageengine_cloud_security_plus	zohocorp manageengine cloud security plus	le	4.0
zohocorp:manageengine_cloud_security_plus	zohocorp manageengine cloud security plus	eq	4.1

References

www.manageengine.com/cloud-security/release-notes.html#build%204117

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVE-2021-40173

cnvd1 nvd1 prion1 cvelist1