Vulnerability Details CVE-2021-44676
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.096
EPSS Ranking 92.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior
- https://www.manageengine.com
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior
- https://www.manageengine.com
Products affected by CVE-2021-44676
-
cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1
-
cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2