PT-2022-12194 · Zoho · Zoho Manageengine M365 Manager Plus

Sahil Dhar

Published

2022-01-12

Updated

2022-01-25

CVE-2021-44652

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zoho ManageEngine O365 Manager Plus versions prior to Build 4416

Description The issue allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Recommendations For versions prior to Build 4416, update to Build 4416 or later to resolve the issue. As a temporary workaround, consider restricting access to the ChangeDBAPI component to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-44652

Affected Products

Zoho Manageengine M365 Manager Plus

PT-2022-12194 · Zoho · Zoho Manageengine M365 Manager Plus

CVE-2021-44652

Related Identifiers

Affected Products

References · 4