CVE-2021-28959: Path Traversal
First published: Fri Apr 30 2021(Updated: )
Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Eventlog Analyzer | <12.1.4 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.4 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.4-12141 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.4-12145 | |
| Zohocorp Manageengine Eventlog Analyzer | =12.1.4-12146 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-28959?
CVE-2021-28959 is a vulnerability in Zoho ManageEngine Eventlog Analyzer, which allows unauthenticated directory traversal and can lead to remote code execution.
How severe is CVE-2021-28959?
CVE-2021-28959 has a severity level of critical with a CVSS score of 9.8.
Which versions of Zoho ManageEngine Eventlog Analyzer are affected by CVE-2021-28959?
Zoho ManageEngine Eventlog Analyzer versions up to 12.1.4 and versions 12.1.4-12141, 12.1.4-12145, and 12.1.4-12146 are affected by CVE-2021-28959.
How can CVE-2021-28959 be exploited?
CVE-2021-28959 can be exploited through unauthenticated directory traversal via an entry in a ZIP archive, which can lead to remote code execution.
How can I fix CVE-2021-28959?
To fix CVE-2021-28959, users are advised to update Zoho ManageEngine Eventlog Analyzer to a version higher than 12.1.4 or apply the necessary security patches provided by the vendor.
- collector/nvd-index
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/description
- vendor/zohocorp
- canonical/zohocorp manageengine eventlog analyzer
- version/zohocorp manageengine eventlog analyzer/12.1.4
- version/zohocorp manageengine eventlog analyzer/12.1.4-12141
- version/zohocorp manageengine eventlog analyzer/12.1.4-12145
- version/zohocorp manageengine eventlog analyzer/12.1.4-12146