PT-2021-21909 · Zoho · Zoho Manageengine Admanager Plus

Qbao

Published

2021-10-07

Updated

2021-10-15

CVE-2021-37918

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions 7110 and prior

Description: The issue allows for unrestricted file upload, which can lead to remote code execution.

Recommendations: For Zoho ManageEngine ADManager Plus versions 7110 and prior, update to a version later than 7110 to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-37918

Affected Products

Zoho Manageengine Admanager Plus

PT-2021-21909 · Zoho · Zoho Manageengine Admanager Plus

CVE-2021-37918

Weakness Enumeration

Related Identifiers

Affected Products

References · 5