CVE-2021-37919: Malicious File Upload
First published: Thu Oct 07 2021(Updated: )
Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads to remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Admanager Plus | <7.1 | |
| Zohocorp Manageengine Admanager Plus | =7.1 | |
| Zohocorp Manageengine Admanager Plus | =7.1-7100 | |
| Zohocorp Manageengine Admanager Plus | =7.1-7101 | |
| Zohocorp Manageengine Admanager Plus | =7.1-7102 | |
| Zohocorp Manageengine Admanager Plus | =7.1-7110 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Zoho ManageEngine ADManager Plus?
The vulnerability ID for Zoho ManageEngine ADManager Plus is CVE-2021-37919.
What is the severity of CVE-2021-37919?
The severity of CVE-2021-37919 is critical with a severity value of 9.8.
What is the affected software version for CVE-2021-37919?
The affected software version for CVE-2021-37919 is Zoho ManageEngine ADManager Plus version 7.1.1.0 and prior.
What is the impact of CVE-2021-37919?
CVE-2021-37919 allows unrestricted file upload, which leads to remote code execution.
How can I fix CVE-2021-37919?
To fix CVE-2021-37919, update to Zoho ManageEngine ADManager Plus version 7.1.1.1 or later.
- agent/author
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/zohocorp
- canonical/zohocorp manageengine admanager plus
- version/zohocorp manageengine admanager plus/7.1
- version/zohocorp manageengine admanager plus/7.1-7100
- version/zohocorp manageengine admanager plus/7.1-7101
- version/zohocorp manageengine admanager plus/7.1-7102
- version/zohocorp manageengine admanager plus/7.1-7110