CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-44651

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.078

EPSS Ranking 91.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/
https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/

Products affected by CVE-2021-44651

Zohocorp » Log360 » Version: Any

cpe:2.3:a:zohocorp:log360:*
Zohocorp » Manageengine Cloud Security Plus » Version: 4.0

cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.0
Zohocorp » Manageengine Cloud Security Plus » Version: 4.1

cpe:2.3:a:zohocorp:manageengine_cloud_security_plus:4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-44651

Products

Pricing

Contact Us