Server-Side Request Forgery Vulnerability in Zoho ManageEngine Applications Manager
CVE-2021-35512

6.5MEDIUM

Key Information:

Vendor

Zohocorp
Status
Manageengine Applications Manager
Vendor
CVE Published:
21 October 2021

What is CVE-2021-35512?

A vulnerability related to server-side request forgery (SSRF) has been identified in Zoho ManageEngine Applications Manager. This flaw may allow an attacker to send crafted requests from the server, potentially leading to unauthorized access to internal services or sensitive data. Organizations using affected versions are advised to implement security measures and updates promptly to mitigate risks associated with this vulnerability.

References

https://www.manageengine.com/products/applications_manage...
x_refsource_MISC
https://www.manageengine.com/products/applications_manager/
x_refsource_MISC
https://www.esecforte.com/server-side-request-forgery-ind...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.