ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. An access control error vulnerability exists in versions of ZOHO ManageEngine Remote Access Plus Server prior to 10.1.2121.1, which stems from a faulty access control. An attacker could use this vulnerability to achieve elevation of privilege, unauthorized password reset, steal sensitive data, access credentials in clear text, access registry values, tamper with configuration files, etc.