Zoho ManageEngine CloudSecurityPlus up to 4116 updatePersonalizeSettings Privilege Escalation

A vulnerability was found in Zoho ManageEngine CloudSecurityPlus up to 4116 (Cloud Software). It has been rated as critical. The issue affects some unknown processing in the component updatePersonalizeSettings. Upgrading to version 4117 eliminates this vulnerability.

| Field | 01/12/2022 07:29 PM | 01/15/2022 09:53 AM |
|---|---|---|
| vendor | Zoho ManageEngine | Zoho ManageEngine |
| name | CloudSecurityPlus | CloudSecurityPlus |
| version | <=4116 | <=4116 |
| component | updatePersonalizeSettings | updatePersonalizeSettings |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| url | https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/ | https://sahildhar.github.io/blogpost/Zoho-ManageEngine-CloudSecurityPlus-Remote-Code-Execution-via-Security-Misconfiguration/ |
| name | Upgrade | Upgrade |
| upgrade_version | 4117 | 4117 |
| cve | CVE-2021-44651 | CVE-2021-44651 |
| cve_assigned | 1638745200 | 1638745200 |
| date | 1641942000 (01/12/2022) | 1641942000 (01/12/2022) |
| type | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 6.5 | 6.5 |
| cvss2_vuldb_tempscore | 5.7 | 5.7 |
| cvss3_vuldb_basescore | 6.3 | 6.3 |
| cvss3_vuldb_tempscore | 6.0 | 6.0 |
| cvss3_meta_basescore | 6.3 | 6.3 |
| cvss3_meta_tempscore | 6.0 | 6.0 |
| price_0day | $0-$5k | $0-$5k |

cve_nvd_summary: Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.