Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistTenableCVELIST:CVE-2021-20136
HistoryNov 01, 2021 - 8:55 p.m.

CVE-2021-20136

2021-11-0120:55:59
tenable
www.cve.org

9.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.

CNA Affected

[
  {
    "product": "ManageEngine Log360",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "< 5235"
      }
    ]
  }
]

Related

cnvd 1
prion 1
cve 1
nvd 1
nessus 1
cnvd
cnvd
ZOHO ManageEngine Log360 Access Control Error Vulnerability
2021-11-04 00:00:00
prion
prion
Improper access control
2021-11-01 21:15:00
cve
cve
CVE-2021-20136
2021-11-01 21:15:07
nvd
nvd
CVE-2021-20136
2021-11-01 21:15:07
nessus
nessus
ManageEngine Log360 < Build 5235 Database Configuration Overwrite RCE
2021-11-19 00:00:00

9.9 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON
Related for CVELIST:CVE-2021-20136
cnvd1prion1cve1nvd1nessus1