fkie_cve-2020-21642
Vulnerability from fkie_nvd
Published
2022-08-15 20:15
Modified
2024-11-21 05:12
Severity ?
Summary
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/analytics-plus/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/analytics-plus/release-notes.html | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2900:*:*:*:*:*:*",
"matchCriteriaId": "E560738D-BA16-49A0-8D1C-7D4D0B571970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2901:*:*:*:*:*:*",
"matchCriteriaId": "16FDF985-6C13-4F41-93C8-DCBB47645883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2902:*:*:*:*:*:*",
"matchCriteriaId": "7DE97DF0-96CE-4A7B-A5E7-58C4B7F37BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2903:*:*:*:*:*:*",
"matchCriteriaId": "1D1FC472-235D-463B-9A59-9937C0C25821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2904:*:*:*:*:*:*",
"matchCriteriaId": "3733DBE8-4741-4103-A70B-12DB6275C91F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2905:*:*:*:*:*:*",
"matchCriteriaId": "311AB1CD-6B37-4FF5-AB2B-3731BCF0E417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2906:*:*:*:*:*:*",
"matchCriteriaId": "EEEC2F10-E03C-4BA0-8B81-9E2128E205FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2907:*:*:*:*:*:*",
"matchCriteriaId": "E44EEEFB-9BE8-4226-B5B9-2057EEE4C2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3000:*:*:*:*:*:*",
"matchCriteriaId": "F45C215F-7B20-4D4B-A238-7F317F977AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3010:*:*:*:*:*:*",
"matchCriteriaId": "138BAA05-E17E-473B-97C1-A554DE034750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3020:*:*:*:*:*:*",
"matchCriteriaId": "37CD4DC7-DFE3-4107-A863-511CDECF3BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3030:*:*:*:*:*:*",
"matchCriteriaId": "090F322E-37E6-4F99-8DAA-459CEE033599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3040:*:*:*:*:*:*",
"matchCriteriaId": "A7ABF80F-04E1-4F26-9ADD-B9FE2B05DDAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3050:*:*:*:*:*:*",
"matchCriteriaId": "F51FA923-1507-4CF5-B9A8-B3C55A1917AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3100:*:*:*:*:*:*",
"matchCriteriaId": "439C788F-9FE1-4E6A-AC22-726652001028",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3110:*:*:*:*:*:*",
"matchCriteriaId": "8ADD3A92-CD4A-46AB-B205-30869D035191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3120:*:*:*:*:*:*",
"matchCriteriaId": "FE3DF13A-C027-419D-93C1-A845AA7F1552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3130:*:*:*:*:*:*",
"matchCriteriaId": "6CC22120-DF5D-4863-B648-8E2CCE69844A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3140:*:*:*:*:*:*",
"matchCriteriaId": "316BBCB1-46F2-47C9-A807-D6720A7E677F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3200:*:*:*:*:*:*",
"matchCriteriaId": "5DA84E03-C267-4D3A-A1AA-8B070AD07EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3250:*:*:*:*:*:*",
"matchCriteriaId": "CFAE91BB-C0A2-482B-9904-60A776CD7610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3300:*:*:*:*:*:*",
"matchCriteriaId": "55C5AE5F-09B2-44B8-8818-31B863A979A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3310:*:*:*:*:*:*",
"matchCriteriaId": "B00DD389-28E4-4B57-B55D-79A4604F970D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3400:*:*:*:*:*:*",
"matchCriteriaId": "E24FE5AC-A721-4B01-AFE9-90FC4F535B8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3450:*:*:*:*:*:*",
"matchCriteriaId": "B908B183-3DCD-4658-9D84-94C23BDCAEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.5:build3500:*:*:*:*:*:*",
"matchCriteriaId": "7FBEA846-F937-4B71-86AB-D786E631FB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.6:build3600:*:*:*:*:*:*",
"matchCriteriaId": "C6F662E1-DCE9-4E10-B753-55BF9F50F0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.7:build3700:*:*:*:*:*:*",
"matchCriteriaId": "E0B20DF8-5B0F-49C4-A307-DDF541B4470D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.8:build3800:*:*:*:*:*:*",
"matchCriteriaId": "70B9745B-700D-48AD-96B2-D82C7B7ACD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3900:*:*:*:*:*:*",
"matchCriteriaId": "56F11468-3230-4EE1-8C8F-A81140AB1687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3950:*:*:*:*:*:*",
"matchCriteriaId": "2227A675-F820-4317-8D58-12B5FF52BE1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.0:build4000:*:*:*:*:*:*",
"matchCriteriaId": "B42E54F2-993A-4E4F-A27E-7D7AA6D065DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4100:*:*:*:*:*:*",
"matchCriteriaId": "D774A609-56FE-4CAD-B60A-AC0260CADC1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4150:*:*:*:*:*:*",
"matchCriteriaId": "A3BB7CF2-FB25-422D-A958-40905E3B325A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4200:*:*:*:*:*:*",
"matchCriteriaId": "4B3C2AD0-5C5B-410C-AAB2-F4B8CA857D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4250:*:*:*:*:*:*",
"matchCriteriaId": "F165A880-33C4-4717-AED4-2BD498A33CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4260:*:*:*:*:*:*",
"matchCriteriaId": "8C259FB2-4EAE-40BE-8955-A31883338F3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4270:*:*:*:*:*:*",
"matchCriteriaId": "83B4220E-42D1-4CC7-843E-BA93C7C27A7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4280:*:*:*:*:*:*",
"matchCriteriaId": "40582AD8-FB0D-4F82-AB79-074D61C6C842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4300:*:*:*:*:*:*",
"matchCriteriaId": "C2DA2F0D-87A6-4CA3-8F5D-98BB7AF8C70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4310:*:*:*:*:*:*",
"matchCriteriaId": "18CA8B82-AE2C-48D0-AE29-CC969AFCA704",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Salto de Directorio en el par\u00e1metro ZDBQAREFSUBDIR en la API /zropusermgmt en Zoho ManageEngine Analytics Plus versiones anteriores a 4350, permite a atacantes remotos ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2020-21642",
"lastModified": "2024-11-21T05:12:44.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-15T20:15:08.970",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/analytics-plus/release-notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.manageengine.com/analytics-plus/release-notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.