CVE-2021-41833

Summary

CVE	CVE-2021-41833
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-11 05:15:00 UTC
Updated	2021-11-15 22:05:00 UTC
Description	Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

Risk And Classification

Problem Types: CWE-434

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Zohocorp	Manageengine Patch Connect Plus	All	All	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	-	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90001	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90063	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90064	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90065	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90066	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90067	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90068	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90069	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90070	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90071	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90072	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90073	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90074	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90075	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90076	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90077	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90078	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90079	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90080	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90081	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90082	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90083	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90084	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90085	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90086	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90087	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90088	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90089	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90090	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90091	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90092	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90093	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90094	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90095	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90096	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90097	All	All
Application	Zohocorp	Manageengine Patch Connect Plus	9.0.0	build90098	All	All

References

Reference	Source	Link	Tags
POPUP	CONFIRM	pitstop.manageengine.com
Unauthenticated Remote Code Execution Vulnerability \| ManageEngine Patch Connect Plus	CONFIRM	www.manageengine.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.