Zoho ManageEngine O365 Manager Plus fino 4415 ChangeDBAPI Privilege Escalation

Una vulnerabilità di livello critico è stata rilevata in Zoho ManageEngine O365 Manager Plus fino 4415. Interessato da questa vulnerabilità è una funzione sconosciuta del componente ChangeDBAPI. L'aggiornamento alla versione 4416 elimina questa vulnerabilità. L'aggiornamento è scaricabile da manageengine.com.

Campo12/01/2022 19:3115/01/2022 09:54
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416
nameUpgradeUpgrade
upgrade_version44164416
upgrade_urlhttps://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416
cveCVE-2021-44652CVE-2021-44652
cve_assigned1638745200 (06/12/2021)1638745200 (06/12/2021)
date1641942000 (12/01/2022)1641942000 (12/01/2022)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss2_vuldb_basescore6.56.5
cvss2_vuldb_tempscore5.75.7
cvss3_vuldb_basescore6.36.3
cvss3_vuldb_tempscore6.06.0
cvss3_meta_basescore6.36.3
cvss3_meta_tempscore6.06.0
price_0day$0-$5k$0-$5k
vendorZoho ManageEngineZoho ManageEngine
nameO365 Manager PlusO365 Manager Plus
version<=4415<=4415
componentChangeDBAPIChangeDBAPI
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cve_nvd_summaryZoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Might our Artificial Intelligence support you?

Check our Alexa App!