CVE-2021-44651

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
zohocorpmanageengine_cloud_security_plus
𝑥
< 4.1
zohocorpmanageengine_cloud_security_plus
4.1
zohocorpmanageengine_cloud_security_plus
4.1:build4110
zohocorpmanageengine_cloud_security_plus
4.1:build4111
zohocorpmanageengine_cloud_security_plus
4.1:build4112
zohocorpmanageengine_cloud_security_plus
4.1:build4113
zohocorpmanageengine_cloud_security_plus
4.1:build4115
zohocorpmanageengine_cloud_security_plus
4.1:build4116
zohocorplog360
𝑥
≤ 5.2.2
zohocorpmanageengine_cloud_security_plus
𝑥
≤ 4.1.1.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/
https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/