Path Traversal Vulnerability in Zoho ManageEngine ADManager Plus
CVE-2021-37922

5.3MEDIUM

Key Information:

Vendor: Zohocorp
Status: Manageengine Admanager Plus
Vendor: CVE Published:; 7 October 2021

What is CVE-2021-37922?

Zoho ManageEngine ADManager Plus, specifically versions 7110 and earlier, is impacted by a path traversal vulnerability. This flaw enables attackers to manipulate file paths and gain unauthorized access to sensitive files. The vulnerability facilitates the copying of files across directories, potentially exposing critical data. Organizations utilizing affected versions of ADManager Plus are encouraged to upgrade to version 7111 or later to mitigate any associated risks.

References

https://www.manageengine.com

x_refsource_MISC

https://www.manageengine.com/products/ad-manager/release-...

x_refsource_MISC

EPSS Score

25% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2021
Vulnerability Reserved
Aug 3, 2021

Zohocorp

What is CVE-2021-37922?

References

EPSS Score

CVSS V3.1

Timeline