CVE-2021-40173: CSRF
First published: Sun Aug 29 2021(Updated: )
Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Cloud Security Plus | <=4.0 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4100 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4101 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4102 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4103 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4104 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4105 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4106 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4107 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4108 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4109 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4110 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4111 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4112 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4113 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4115 | |
| Zohocorp Manageengine Cloud Security Plus | =4.1-4116 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-40173?
CVE-2021-40173 is a vulnerability in Zoho ManageEngine Cloud Security Plus before Build 4117 that allows a CSRF attack on the server proxy settings.
Which software versions are affected by CVE-2021-40173?
CVE-2021-40173 affects Zoho ManageEngine Cloud Security Plus versions 4.0 up to and including 4.1-4116.
What is the severity of CVE-2021-40173?
CVE-2021-40173 has a severity rating of 8.8 (high severity).
How can I fix CVE-2021-40173?
To fix CVE-2021-40173, you should update Zoho ManageEngine Cloud Security Plus to build 4117 or later. Make sure to check the official release notes for the update process.
Where can I find more information about CVE-2021-40173?
More information about CVE-2021-40173 can be found in the release notes of Zoho ManageEngine Cloud Security Plus.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/zohocorp
- canonical/zohocorp manageengine cloud security plus
- version/zohocorp manageengine cloud security plus/4.0
- version/zohocorp manageengine cloud security plus/4.1-4100
- version/zohocorp manageengine cloud security plus/4.1-4101
- version/zohocorp manageengine cloud security plus/4.1-4102
- version/zohocorp manageengine cloud security plus/4.1-4103
- version/zohocorp manageengine cloud security plus/4.1-4104
- version/zohocorp manageengine cloud security plus/4.1-4105
- version/zohocorp manageengine cloud security plus/4.1-4106
- version/zohocorp manageengine cloud security plus/4.1-4107
- version/zohocorp manageengine cloud security plus/4.1-4108
- version/zohocorp manageengine cloud security plus/4.1-4109
- version/zohocorp manageengine cloud security plus/4.1-4110
- version/zohocorp manageengine cloud security plus/4.1-4111
- version/zohocorp manageengine cloud security plus/4.1-4112
- version/zohocorp manageengine cloud security plus/4.1-4113
- version/zohocorp manageengine cloud security plus/4.1-4115
- version/zohocorp manageengine cloud security plus/4.1-4116