Vulnerability Details CVE-2021-44525
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360
- https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360
Products affected by CVE-2021-44525
-
cpe:2.3:a:zohocorp:manageengine_pam360:4.0
-
cpe:2.3:a:zohocorp:manageengine_pam360:4.1
-
cpe:2.3:a:zohocorp:manageengine_pam360:4.5
-
cpe:2.3:a:zohocorp:manageengine_pam360:5.0
-
cpe:2.3:a:zohocorp:manageengine_pam360:5.1
-
cpe:2.3:a:zohocorp:manageengine_pam360:5.2
-
cpe:2.3:a:zohocorp:manageengine_pam360:5.3