CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
82.5%
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
Vendor | Product | Version | CPE |
---|---|---|---|
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2900:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2901:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2902:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2903:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2904:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2905:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2906:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 2.9 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2907:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 3.0 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3000:*:*:*:*:*:* |
zohocorp | manageengine_analytics_plus | 3.0 | cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3010:*:*:*:*:*:* |