CVE-2021-44525

Published: Dec 20, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

Affected (23)

Products: Zohocorp: Manageengine Pam360

Zohocorp

1 product

Manageengine Pam360

Configuration A

23 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Pam360	Version 4.0
Zohocorp Manageengine Pam360	Version 4.0 build4001
Zohocorp Manageengine Pam360	Version 4.0 build4002
Zohocorp Manageengine Pam360	Version 4.1
Zohocorp Manageengine Pam360	Version 4.1 build4100
Zohocorp Manageengine Pam360	Version 4.1 build4101
Zohocorp Manageengine Pam360	Version 4.5
Zohocorp Manageengine Pam360	Version 4.5 build4500
Zohocorp Manageengine Pam360	Version 4.5 build4501
Zohocorp Manageengine Pam360	Version 5.0
Zohocorp Manageengine Pam360	Version 5.0 build5000
Zohocorp Manageengine Pam360	Version 5.0 build5001
Zohocorp Manageengine Pam360	Version 5.0 build5002
Zohocorp Manageengine Pam360	Version 5.0 build5003
Zohocorp Manageengine Pam360	Version 5.0 build5004
Zohocorp Manageengine Pam360	Version 5.1
Zohocorp Manageengine Pam360	Version 5.1 build5100
Zohocorp Manageengine Pam360	Version 5.2
Zohocorp Manageengine Pam360	Version 5.2 build5200
Zohocorp Manageengine Pam360	Version 5.3
Zohocorp Manageengine Pam360	Version 5.3 build5300
Zohocorp Manageengine Pam360	Version 5.3 build5301
Zohocorp Manageengine Pam360	Version 5.3 build5302

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360

Source: cve@mitre.org

Vendor Advisory

https://pitstop.manageengine.com/portal/en/community/topic/title-security-advisory-for-cve-2021-44525-authentication-bypass-vulnerability-in-manageengine-pam360

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.