CVE-2021-41827
First published: Thu Sep 30 2021(Updated: )
Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoho ManageEngine Remote Access Plus | <10.1.2121.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Zoho ManageEngine Remote Access Plus vulnerability?
The vulnerability ID for this Zoho ManageEngine Remote Access Plus vulnerability is CVE-2021-41827.
What is the severity of CVE-2021-41827?
The severity of CVE-2021-41827 is high with a severity value of 7.5.
What is the description of CVE-2021-41827?
CVE-2021-41827 is a vulnerability in Zoho ManageEngine Remote Access Plus before 10.1.2121.1 that has hardcoded credentials for read-only access.
How does CVE-2021-41827 affect Zoho ManageEngine Remote Access Plus?
CVE-2021-41827 affects Zoho ManageEngine Remote Access Plus before version 10.1.2121.1.
Is there a fix for CVE-2021-41827?
Yes, there is a hotfix available that addresses CVE-2021-41827. Please refer to the hotfix readme provided by Zoho ManageEngine for more information.
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/zohocorp
- canonical/zoho manageengine remote access plus