Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
References
Link | Resource |
---|---|
https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior | Vendor Advisory |
https://www.manageengine.com | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
04 Jan 2022, 17:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-668 | |
CPE | cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4201:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4200:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4100:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.1:build4101:*:*:*:*:*:* cpe:2.3:a:zohocorp:manageengine_access_manager_plus:4.2:build4202:*:*:*:*:*:* |
|
First Time |
Zohocorp
Zohocorp manageengine Access Manager Plus |
|
References | (CONFIRM) https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-access-manager-plus-build-4202-and-prior - Vendor Advisory | |
References | (MISC) https://www.manageengine.com - Vendor Advisory |
20 Dec 2021, 16:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-20 15:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-44676
Mitre link : CVE-2021-44676
CVE.ORG link : CVE-2021-44676
JSON object : View
Products Affected
zohocorp
- manageengine_access_manager_plus
CWE
CWE-287
Improper Authentication