CVE-2021-44652 : Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code executi

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Published 2022-01-12 15:15:07

Updated 2022-01-25 14:08:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2021-44652

Zohocorp » Manageengine O365 Manager Plus
Versions before (<) 4.4
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:*:*:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:-:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4400
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4400:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4401
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4401:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4402
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4402:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4403
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4403:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4406
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4406:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4407
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4407:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4408
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4408:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4410
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4410:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4411
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4411:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4412
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4412:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4413
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4413:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4414
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4414:*:*:*:*:*:*
Matching versions
Zohocorp » Manageengine O365 Manager Plus » Version: 4.4 Update Build4415
cpe:2.3:a:zohocorp:manageengine_o365_manager_plus:4.4:build4415:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-44652

EPSS FAQ

1.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-44652

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-44652

https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4416

Release Notes – ManageEngine M365 Manager Plus
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-44652

Products affected by CVE-2021-44652

Exploit prediction scoring system (EPSS) score for CVE-2021-44652

CVSS scores for CVE-2021-44652

References for CVE-2021-44652