CVE-2021-37927

Published: Sep 22, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.

Affected (6)

Products: Zohocorp: Manageengine Admanager Plus

1 product

Manageengine Admanager Plus

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Admanager Plus	Before 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1
Zohocorp Manageengine Admanager Plus	Version 7.1 7100
Zohocorp Manageengine Admanager Plus	Version 7.1 7101
Zohocorp Manageengine Admanager Plus	Version 7.1 7102
Zohocorp Manageengine Admanager Plus	Version 7.1 7110

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (6)

https://www.manageengine.com

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/products/ad-manager/release-notes.html#7111

Source: cve@mitre.org

Vendor Advisory

https://www.manageengine.com/products/self-service-password/release-notes.html#6110

Source: cve@mitre.org

Not ApplicableVendor Advisory

https://www.manageengine.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.manageengine.com/products/ad-manager/release-notes.html#7111

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.manageengine.com/products/self-service-password/release-notes.html#6110

Source: af854a3a-2127-422b-91ae-364da2661108

Not ApplicableVendor Advisory

Timeline

No history available yet.