Remote Code Execution Vulnerability in Zoho ManageEngine ADSelfService Plus
CVE-2021-33055

9.8CRITICAL

Key Information:

Vendor: Zohocorp
Status: Manageengine Adselfservice Plus
Vendor: CVE Published:; 30 August 2021

What is CVE-2021-33055?

Zoho ManageEngine ADSelfService Plus versions prior to 6104 are susceptible to a remote code execution vulnerability that exists in non-English editions. This flaw allows attackers to execute arbitrary code without authentication, raising significant security concerns for organizations utilizing the software. It is crucial for users to upgrade to the patched version to mitigate potential risks and safeguard sensitive information.

References

https://blog.stmcyber.com/vulns/cve-2021-33055/

x_refsource_MISC

https://pitstop.manageengine.com/portal/en/community/topi...

x_refsource_CONFIRM

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2021
Vulnerability Reserved
May 17, 2021

Zohocorp

What is CVE-2021-33055?

References

EPSS Score

CVSS V3.1

Timeline