CVE-2021-20130

Published: Oct 13, 2021Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.

Affected (6)

Products: Zohocorp: Manageengine Admanager Plus

Zohocorp

1 product

Manageengine Admanager Plus

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Admanager Plus	Before 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1 7100
Zohocorp Manageengine Admanager Plus	Version 7.1 7101
Zohocorp Manageengine Admanager Plus	Version 7.1 7102
Zohocorp Manageengine Admanager Plus	Version 7.1 7110

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.tenable.com/security/research/tra-2021-43

Source: vulnreport@tenable.com

Vendor Advisory

https://www.tenable.com/security/research/tra-2021-43

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.