CVE-2021-41833 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
zohocorp	manageengine_patch_connect_plus	𝑥 < 9.0.0
zohocorp	manageengine_patch_connect_plus	9.0.0
zohocorp	manageengine_patch_connect_plus	9.0.0:build90001
zohocorp	manageengine_patch_connect_plus	9.0.0:build90063
zohocorp	manageengine_patch_connect_plus	9.0.0:build90064
zohocorp	manageengine_patch_connect_plus	9.0.0:build90065
zohocorp	manageengine_patch_connect_plus	9.0.0:build90066
zohocorp	manageengine_patch_connect_plus	9.0.0:build90067
zohocorp	manageengine_patch_connect_plus	9.0.0:build90068
zohocorp	manageengine_patch_connect_plus	9.0.0:build90069
zohocorp	manageengine_patch_connect_plus	9.0.0:build90070
zohocorp	manageengine_patch_connect_plus	9.0.0:build90071
zohocorp	manageengine_patch_connect_plus	9.0.0:build90072
zohocorp	manageengine_patch_connect_plus	9.0.0:build90073
zohocorp	manageengine_patch_connect_plus	9.0.0:build90074
zohocorp	manageengine_patch_connect_plus	9.0.0:build90075
zohocorp	manageengine_patch_connect_plus	9.0.0:build90076
zohocorp	manageengine_patch_connect_plus	9.0.0:build90077
zohocorp	manageengine_patch_connect_plus	9.0.0:build90078
zohocorp	manageengine_patch_connect_plus	9.0.0:build90079
zohocorp	manageengine_patch_connect_plus	9.0.0:build90080
zohocorp	manageengine_patch_connect_plus	9.0.0:build90081
zohocorp	manageengine_patch_connect_plus	9.0.0:build90082
zohocorp	manageengine_patch_connect_plus	9.0.0:build90083
zohocorp	manageengine_patch_connect_plus	9.0.0:build90084
zohocorp	manageengine_patch_connect_plus	9.0.0:build90085
zohocorp	manageengine_patch_connect_plus	9.0.0:build90086
zohocorp	manageengine_patch_connect_plus	9.0.0:build90087
zohocorp	manageengine_patch_connect_plus	9.0.0:build90088
zohocorp	manageengine_patch_connect_plus	9.0.0:build90089
zohocorp	manageengine_patch_connect_plus	9.0.0:build90090
zohocorp	manageengine_patch_connect_plus	9.0.0:build90091
zohocorp	manageengine_patch_connect_plus	9.0.0:build90092
zohocorp	manageengine_patch_connect_plus	9.0.0:build90093
zohocorp	manageengine_patch_connect_plus	9.0.0:build90094
zohocorp	manageengine_patch_connect_plus	9.0.0:build90095
zohocorp	manageengine_patch_connect_plus	9.0.0:build90096
zohocorp	manageengine_patch_connect_plus	9.0.0:build90097
zohocorp	manageengine_patch_connect_plus	9.0.0:build90098

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-434 - Unrestricted Upload of File with Dangerous Type
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

References

https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved

https://www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html

https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved

https://www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html