CVE-2021-44525

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
zohocorpmanageengine_pam360
4.0
zohocorpmanageengine_pam360
4.0:build4001
zohocorpmanageengine_pam360
4.0:build4002
zohocorpmanageengine_pam360
4.1
zohocorpmanageengine_pam360
4.1:build4100
zohocorpmanageengine_pam360
4.1:build4101
zohocorpmanageengine_pam360
4.5
zohocorpmanageengine_pam360
4.5:build4500
zohocorpmanageengine_pam360
4.5:build4501
zohocorpmanageengine_pam360
5.0
zohocorpmanageengine_pam360
5.0:build5000
zohocorpmanageengine_pam360
5.0:build5001
zohocorpmanageengine_pam360
5.0:build5002
zohocorpmanageengine_pam360
5.0:build5003
zohocorpmanageengine_pam360
5.0:build5004
zohocorpmanageengine_pam360
5.1
zohocorpmanageengine_pam360
5.1:build5100
zohocorpmanageengine_pam360
5.2
zohocorpmanageengine_pam360
5.2:build5200
zohocorpmanageengine_pam360
5.3
zohocorpmanageengine_pam360
5.3:build5300
zohocorpmanageengine_pam360
5.3:build5301
zohocorpmanageengine_pam360
5.3:build5302
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360
https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360