CVE-2021-37420

Опубликовано: 21 сент. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

Ссылки

https://blog.stmcyber.com/vulns/cve-2021-37420/
Exploit
Third Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product
Vendor Advisory
https://blog.stmcyber.com/vulns/cve-2021-37420/
Exploit
Third Party Advisory
https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release
Patch
Vendor Advisory
https://www.manageengine.com
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*

Версия до 6.1 (исключая)

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*

cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01124

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-3vhg-jg9c-c6r7