PT-2022-12192 · Zoho · Zoho Manageengine M365 Manager Plus

Sahil Dhar

Published

2022-01-12

Updated

2022-01-24

CVE-2021-44650

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine M365 Manager Plus versions prior to Build 4419

Description The issue allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

Recommendations For versions prior to Build 4419, update to Build 4419 or later to resolve the issue. As a temporary workaround, consider restricting access to the Admin ProxySettings and Tenant ProxySettings components until a patch is applied. Avoid using these components for updating proxy settings until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-44650

Affected Products

Zoho Manageengine M365 Manager Plus

PT-2022-12192 · Zoho · Zoho Manageengine M365 Manager Plus

CVE-2021-44650

Related Identifiers

Affected Products

References · 5