cve-2020-21642
Vulnerability from cvelistv5
Published
2022-08-15 19:10
Modified
2024-08-04 14:30
Severity ?
Summary
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
References
cve@mitre.orghttps://www.manageengine.com/analytics-plus/release-notes.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.manageengine.com/analytics-plus/release-notes.htmlRelease Notes, Vendor Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:30:33.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.manageengine.com/analytics-plus/release-notes.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-15T19:10:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.manageengine.com/analytics-plus/release-notes.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-21642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.manageengine.com/analytics-plus/release-notes.html",
              "refsource": "MISC",
              "url": "https://www.manageengine.com/analytics-plus/release-notes.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-21642",
    "datePublished": "2022-08-15T19:10:38",
    "dateReserved": "2020-08-13T00:00:00",
    "dateUpdated": "2024-08-04T14:30:33.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-21642\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-08-15T20:15:08.970\",\"lastModified\":\"2024-11-21T05:12:44.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Salto de Directorio en el par\u00e1metro ZDBQAREFSUBDIR en la API /zropusermgmt en Zoho ManageEngine Analytics Plus versiones anteriores a 4350, permite a atacantes remotos ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2900:*:*:*:*:*:*\",\"matchCriteriaId\":\"E560738D-BA16-49A0-8D1C-7D4D0B571970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2901:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FDF985-6C13-4F41-93C8-DCBB47645883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2902:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE97DF0-96CE-4A7B-A5E7-58C4B7F37BAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2903:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1FC472-235D-463B-9A59-9937C0C25821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2904:*:*:*:*:*:*\",\"matchCriteriaId\":\"3733DBE8-4741-4103-A70B-12DB6275C91F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2905:*:*:*:*:*:*\",\"matchCriteriaId\":\"311AB1CD-6B37-4FF5-AB2B-3731BCF0E417\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2906:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEEC2F10-E03C-4BA0-8B81-9E2128E205FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2907:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44EEEFB-9BE8-4226-B5B9-2057EEE4C2BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3000:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45C215F-7B20-4D4B-A238-7F317F977AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3010:*:*:*:*:*:*\",\"matchCriteriaId\":\"138BAA05-E17E-473B-97C1-A554DE034750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3020:*:*:*:*:*:*\",\"matchCriteriaId\":\"37CD4DC7-DFE3-4107-A863-511CDECF3BF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3030:*:*:*:*:*:*\",\"matchCriteriaId\":\"090F322E-37E6-4F99-8DAA-459CEE033599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3040:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7ABF80F-04E1-4F26-9ADD-B9FE2B05DDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3050:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51FA923-1507-4CF5-B9A8-B3C55A1917AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3100:*:*:*:*:*:*\",\"matchCriteriaId\":\"439C788F-9FE1-4E6A-AC22-726652001028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3110:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADD3A92-CD4A-46AB-B205-30869D035191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3120:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3DF13A-C027-419D-93C1-A845AA7F1552\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3130:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC22120-DF5D-4863-B648-8E2CCE69844A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3140:*:*:*:*:*:*\",\"matchCriteriaId\":\"316BBCB1-46F2-47C9-A807-D6720A7E677F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3200:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA84E03-C267-4D3A-A1AA-8B070AD07EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3250:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFAE91BB-C0A2-482B-9904-60A776CD7610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3300:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5AE5F-09B2-44B8-8818-31B863A979A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3310:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00DD389-28E4-4B57-B55D-79A4604F970D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3400:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24FE5AC-A721-4B01-AFE9-90FC4F535B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3450:*:*:*:*:*:*\",\"matchCriteriaId\":\"B908B183-3DCD-4658-9D84-94C23BDCAEED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.5:build3500:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FBEA846-F937-4B71-86AB-D786E631FB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.6:build3600:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F662E1-DCE9-4E10-B753-55BF9F50F0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.7:build3700:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B20DF8-5B0F-49C4-A307-DDF541B4470D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.8:build3800:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B9745B-700D-48AD-96B2-D82C7B7ACD15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3900:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F11468-3230-4EE1-8C8F-A81140AB1687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3950:*:*:*:*:*:*\",\"matchCriteriaId\":\"2227A675-F820-4317-8D58-12B5FF52BE1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.0:build4000:*:*:*:*:*:*\",\"matchCriteriaId\":\"B42E54F2-993A-4E4F-A27E-7D7AA6D065DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4100:*:*:*:*:*:*\",\"matchCriteriaId\":\"D774A609-56FE-4CAD-B60A-AC0260CADC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4150:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3BB7CF2-FB25-422D-A958-40905E3B325A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4200:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3C2AD0-5C5B-410C-AAB2-F4B8CA857D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4250:*:*:*:*:*:*\",\"matchCriteriaId\":\"F165A880-33C4-4717-AED4-2BD498A33CB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4260:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C259FB2-4EAE-40BE-8955-A31883338F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4270:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B4220E-42D1-4CC7-843E-BA93C7C27A7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4280:*:*:*:*:*:*\",\"matchCriteriaId\":\"40582AD8-FB0D-4F82-AB79-074D61C6C842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4300:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2DA2F0D-87A6-4CA3-8F5D-98BB7AF8C70B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4310:*:*:*:*:*:*\",\"matchCriteriaId\":\"18CA8B82-AE2C-48D0-AE29-CC969AFCA704\"}]}]}],\"references\":[{\"url\":\"https://www.manageengine.com/analytics-plus/release-notes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.manageengine.com/analytics-plus/release-notes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.