CVE-2020-21642
Summary
| CVE | CVE-2020-21642 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-15 20:15:00 UTC |
| Updated | 2022-08-16 17:28:00 UTC |
| Description | Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2900 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2901 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2902 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2903 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2904 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2905 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2906 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 2.9 | build2907 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3000 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3010 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3020 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3030 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3040 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.0 | build3050 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.1 | build3100 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.1 | build3110 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.1 | build3120 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.1 | build3130 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.1 | build3140 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.2 | build3200 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.2 | build3250 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.3 | build3300 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.3 | build3310 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.4 | build3400 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.4 | build3450 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.5 | build3500 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.6 | build3600 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.7 | build3700 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.8 | build3800 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.9 | build3900 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 3.9 | build3950 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.0 | build4000 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.1 | build4100 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.1 | build4150 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.2 | build4200 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.2 | build4250 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.2 | build4260 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.2 | build4270 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.2 | build4280 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.3 | build4300 | All | All |
| Application | Zohocorp | Manageengine Analytics Plus | 4.3 | build4310 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ManageEngine Analytics Plus | Release Notes | MISC | www.manageengine.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.