Lucene search

[email protected]CVE-2021-41833

HistoryNov 11, 2021 - 5:15 a.m.

CVE-2021-41833

2021-11-1105:15:09

CWE-434

[email protected]

web.nvd.nist.gov

cve-2021-41833

zoho

manageengine

patch connect plus

remote code execution

vulnerability

unauthenticated

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.7%

JSON

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

Affected configurations

NVD

Node

zohocorpmanageengine_patch_connect_plusRange<9.0.0

zohocorpmanageengine_patch_connect_plusMatch9.0.0-

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90001

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90063

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90064

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90065

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90066

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90067

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90068

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90069

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90070

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90071

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90072

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90073

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90074

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90075

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90076

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90077

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90078

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90079

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90080

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90081

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90082

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90083

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90084

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90085

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90086

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90087

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90088

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90089

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90090

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90091

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90092

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90093

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90094

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90095

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90096

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90097

zohocorpmanageengine_patch_connect_plusMatch9.0.0build90098

CPENameOperatorVersion
zohocorp:manageengine_patch_connect_pluszohocorp manageengine patch connect pluslt9.0.0

CPE	Name	Operator	Version
zohocorp:manageengine_patch_connect_plus	zohocorp manageengine patch connect plus	lt	9.0.0

References

pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved

www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.7%

JSON

Related for CVE-2021-41833

prion1 nvd1 cvelist1