CVE-2021-37419

Опубликовано: 21 сент. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.

Ссылки

https://blog.stmcyber.com/vulns/cve-2021-37419/
Exploit
Third Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product
https://blog.stmcyber.com/vulns/cve-2021-37419/
Exploit
Third Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*

Версия до 6.1 (исключая)

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07708

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-918

Связанные уязвимости

GHSA-xq7h-5h92-cwp8