Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2021-42847
HistoryNov 11, 2021 - 5:15 a.m.

CVE-2021-42847

2021-11-1105:15:09
mitre
web.nvd.nist.gov
50
6
cve-2021-42847
zoho
manageengine
adaudit plus
file write
file execution
vulnerability
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.18

Percentile

96.3%

JSON

Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.

Affected configurations

Nvd
Node
zohocorpmanageengine_adaudit_plusRange<7.0
OR
zohocorpmanageengine_adaudit_plusMatch7.0-
OR
zohocorpmanageengine_adaudit_plusMatch7.07000
OR
zohocorpmanageengine_adaudit_plusMatch7.07002
OR
zohocorpmanageengine_adaudit_plusMatch7.07003
OR
zohocorpmanageengine_adaudit_plusMatch7.07004
OR
zohocorpmanageengine_adaudit_plusMatch7.07005
VendorProductVersionCPE
zohocorpmanageengine_adaudit_plus*cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:-:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7000:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7002:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7003:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7004:*:*:*:*:*:*
zohocorpmanageengine_adaudit_plus7.0cpe:2.3:a:zohocorp:manageengine_adaudit_plus:7.0:7005:*:*:*:*:*:*

Social References

More

Related

zdt 1
nessus 2
packetstorm 1
cvelist 1
prion 1
metasploit 1
nvd 1
rapid7blog 1
zdt
zdt
ManageEngine ADAudit Plus Remote Code Execution Exploit
2023-05-09 00:00:00
nessus
nessus
ManageEngine ADManager Plus <= Build 7005 RCE (deprecated)
2023-05-11 00:00:00
ManageEngine ADAudit Plus < Build 7006 File Upload RCE
2021-11-29 00:00:00
packetstorm
packetstorm
ManageEngine ADAudit Plus Remote Code Execution
2023-05-09 00:00:00
cvelist
cvelist
CVE-2021-42847
2021-11-11 00:00:00
prion
prion
Code injection
2021-11-11 05:15:00
metasploit
metasploit
ManageEngine ADAudit Plus Authenticated File Write RCE
2023-05-04 20:12:09
nvd
nvd
CVE-2021-42847
2021-11-11 05:15:09
rapid7blog
rapid7blog
Metasploit Wrap-up
2023-05-12 17:41:20

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.18

Percentile

96.3%

JSON
Related for CVE-2021-42847
zdt1nessus2packetstorm1cvelist1prion1metasploit1nvd1rapid7blog1