CVE-2021-40175

Published: Aug 29, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution.

Affected (10)

Products: Zohocorp: Manageengine Log360

1 product

Manageengine Log360

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Log360	Up to 5.1
Zohocorp Manageengine Log360	Version 5.2 build5200
Zohocorp Manageengine Log360	Version 5.2 build5201
Zohocorp Manageengine Log360	Version 5.2 build5206
Zohocorp Manageengine Log360	Version 5.2 build5209
Zohocorp Manageengine Log360	Version 5.2 build5210
Zohocorp Manageengine Log360	Version 5.2 build5211
Zohocorp Manageengine Log360	Version 5.2 build5213
Zohocorp Manageengine Log360	Version 5.2 build5214
Zohocorp Manageengine Log360	Version 5.2 build5218

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.manageengine.com/log-management/readme.html#Build%205219

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.manageengine.com/log-management/readme.html#Build%205219

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.