PT-2021-24145 · Zoho · Zoho Manageengine Access Manager Plus
Published: 2021-12-20 · Updated: 2023-08-08
CVE-2021-44676
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Zoho ManageEngine Access Manager Plus versions prior to 4203
Description:
The issue allows anyone to view certain data elements, such as access control details, and modify some aspects of the application state.
Recommendations:
For versions prior to 4203, update to version 4203 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data elements and application state modification capabilities until the update is applied.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Zoho Manageengine Access Manager Plus