Vulnerability Details CVE-2021-41827
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.114
EPSS Ranking 93.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e
- https://www.manageengine.com/remote-desktop-management/hotfix-readme.html
- https://medium.com/nestedif/vulnerability-disclosure-hardcoded-keys-password-zoho-r-a-p-318aa9bba2e
- https://www.manageengine.com/remote-desktop-management/hotfix-readme.html
Products affected by CVE-2021-41827
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:-
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.252
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.253
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.254
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.255
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.256
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.257
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.258
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.259
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.415
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.416
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.421
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.422
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.428
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.430
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.431
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.432
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.433
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.434
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.435
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.436
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.440
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.447
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.448
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.450
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.451
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.452
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.453
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.454
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.465
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.466
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.468
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.469
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.472
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.473
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.0.476
-
cpe:2.3:a:zohocorp:manageengine_remote_access_plus:10.1.2119.1