PT-2021-21698 · Zoho · Zoho Manageengine Admanager Plus

Bmtd

Published

2021-09-27

Updated

2021-10-01

CVE-2021-37539

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine ADManager Plus versions prior to 7111

Description The issue is related to an unrestricted file upload, which can lead to remote code execution.

Recommendations For versions prior to 7111, update to version 7111 or later to resolve the issue. As a temporary workaround, consider restricting access to file upload functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-37539

Affected Products

Zoho Manageengine Admanager Plus

PT-2021-21698 · Zoho · Zoho Manageengine Admanager Plus

CVE-2021-37539

Weakness Enumeration

Related Identifiers

Affected Products

References · 6