CVE-2021-46164 : Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

Published 2022-01-10 14:11:32

Updated 2022-01-14 01:56:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2021-46164

Probability of exploitation activity in the next 30 days: 0.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-46164

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-46164

https://www.manageengine.com/products/desktop-central/vulnerabilities-in-reports-module.html

Vulnerabilities in Reports module
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-46164

Zohocorp » Manageengine Desktop Central
Versions before (<) 10.0.662
cpe:2.3:a:zohocorp:manageengine_desktop_central:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2021-46164

Exploit prediction scoring system (EPSS) score for CVE-2021-46164

CVSS scores for CVE-2021-46164

References for CVE-2021-46164

Products affected by CVE-2021-46164