PT-2021-23526 · Zoho · Zoho Manageengine M365 Manager Plus

Moon

·

Published

2021-11-30

·

Updated

2021-12-06

·

CVE-2021-42099

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Zoho ManageEngine M365 Manager Plus versions prior to 4421
Description The issue concerns a file-upload remote code execution problem.
Recommendations For versions prior to 4421, update to version 4421 or later to resolve the issue.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-42099

Affected Products

Zoho Manageengine M365 Manager Plus