Zoho ManageEngine O365 Manager Plus up to 4415 ChangeDBAPI Privilege Escalation

A vulnerability classified as critical has been found in Zoho ManageEngine O365 Manager Plus up to 4415. This affects an unknown function of the component ChangeDBAPI. Upgrading to version 4416 eliminates this vulnerability. The upgrade is hosted for download at manageengine.com.

Field01/12/2022 07:31 PM01/15/2022 09:54 AM
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416
nameUpgradeUpgrade
upgrade_version44164416
upgrade_urlhttps://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416
cveCVE-2021-44652CVE-2021-44652
cve_assigned16387452001638745200
date1641942000 (01/12/2022)1641942000 (01/12/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.75.7
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore6.06.0
price_0day$0-$5k$0-$5k
vendorZoho ManageEngineZoho ManageEngine
nameO365 Manager PlusO365 Manager Plus
version<=4415<=4415
componentChangeDBAPIChangeDBAPI
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cve_nvd_summaryZoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Want to stay up to date on a daily basis?

Enable the mail alert feature now!