Authentication Bypass Vulnerability in Zoho ManageEngine PAM360
CVE-2021-44525

9.8CRITICAL

Key Information:

Vendor: Zohocorp
Status: Manageengine Pam360
Vendor: CVE Published:; 20 December 2021

What is CVE-2021-44525?

Zoho ManageEngine PAM360 prior to build 5303 is subject to an authentication bypass vulnerability, which enables attackers to alter certain aspects of the application state without the need for proper authentication. This flaw presents a significant risk as it could allow unauthorized access to sensitive areas of the application, potentially leading to further exploitation of the system.

References

https://pitstop.manageengine.com/portal/en/community/topi...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2021
Vulnerability Reserved
Dec 2, 2021

Zohocorp

What is CVE-2021-44525?

References

CVSS V3.1

Timeline