CVE-2021-44650

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
zohocorpmanageengine_m365_manager_plus
𝑥
< 4.4
zohocorpmanageengine_m365_manager_plus
4.4
zohocorpmanageengine_m365_manager_plus
4.4:build4400
zohocorpmanageengine_m365_manager_plus
4.4:build4401
zohocorpmanageengine_m365_manager_plus
4.4:build4402
zohocorpmanageengine_m365_manager_plus
4.4:build4403
zohocorpmanageengine_m365_manager_plus
4.4:build4406
zohocorpmanageengine_m365_manager_plus
4.4:build4407
zohocorpmanageengine_m365_manager_plus
4.4:build4408
zohocorpmanageengine_m365_manager_plus
4.4:build4410
zohocorpmanageengine_m365_manager_plus
4.4:build4411
zohocorpmanageengine_m365_manager_plus
4.4:build4412
zohocorpmanageengine_m365_manager_plus
4.4:build4413
zohocorpmanageengine_m365_manager_plus
4.4:build4414
zohocorpmanageengine_m365_manager_plus
4.4:build4415
zohocorpmanageengine_m365_manager_plus
4.4:build4416
zohocorpmanageengine_m365_manager_plus
4.4:build4417
zohocorpmanageengine_m365_manager_plus
4.4:build4418
𝑥
= Vulnerable software versions
References
https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4419
https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4419