CVE-2021-42099

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-42099
Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.manageengine.com Product
https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html#4421 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:-:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4000:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4001:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4002:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4003:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4004:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4005:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4007:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4008:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4009:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4010:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4011:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4012:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4013:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4014:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4100:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4101:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4102:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4103:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4104:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4105:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4106:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4108:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4109:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4110:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4111:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4112:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4113:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4115:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4116:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4117:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4118:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4119:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4200:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4201:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4202:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4203:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4204:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4205:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4206:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4207:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4208:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4209:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4210:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4211:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4212:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4213:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4214:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4215:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4216:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4217:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4218:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4219:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4220:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4221:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4222:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4300:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4301:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4302:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4303:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4304:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4305:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4306:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4308:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4309:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4310:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4311:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4312:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4316:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4317:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4318:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4319:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4320:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4321:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4322:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4324:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4325:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4327:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4328:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4329:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4330:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4331:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4332:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4333:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4334:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4335:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4336:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4400:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4401:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4402:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4403:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4406:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4407:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4408:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4410:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4411:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4412:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4413:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4414:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4415:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4416:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4417:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4418:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_m365_manager_plus:build_4419:*:*:*:*:*:*:*
History

No history.

Information

Published : 2021-11-30 19:15

Updated : 2021-12-06 18:20

NVD link : CVE-2021-42099

Mitre link : CVE-2021-42099

CVE.ORG link : CVE-2021-42099

JSON object : View

Products Affected

zohocorp

  • manageengine_m365_manager_plus
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type