What is the severity of CVE-2021-41833?

The severity of CVE-2021-41833 is critical.

How does CVE-2021-41833 affect Zoho ManageEngine Patch Connect Plus?

CVE-2021-41833 allows unauthenticated remote code execution in Zoho ManageEngine Patch Connect Plus version 9.0.0.

How can I fix CVE-2021-41833?

To fix CVE-2021-41833, you should update Zoho ManageEngine Patch Connect Plus to version 9.0.0-build90099 or higher.

What is the Common Weakness Enumeration (CWE) ID of CVE-2021-41833?

The Common Weakness Enumeration (CWE) ID of CVE-2021-41833 is 434.

Vulnerability/
CVE-2021-41833

critical

9.8

CWE

434

11/11/2021

21/11/2024

CVE-2021-41833: Malicious File Upload

Q: Where can I find more information about CVE-2021-41833?

You can find more information about CVE-2021-41833 at the following references: [Reference 1](https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved) and [Reference 2](https://www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html).

First published: Thu Nov 11 2021(Updated: )

Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zoho ManageEngine Patch Connect Plus	<9.0.0
Zoho ManageEngine Patch Connect Plus	=9.0.0
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90001
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90063
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90064
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90065
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90066
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90067
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90068
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90069
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90070
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90071
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90072
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90073
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90074
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90075
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90076
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90077
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90078
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90079
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90080
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90081
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90082
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90083
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90084
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90085
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90086
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90087
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90088
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90089
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90090
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90091
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90092
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90093
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90094
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90095
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90096
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90097
Zoho ManageEngine Patch Connect Plus	=9.0.0-build90098

Remedy

https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-41833?
The severity of CVE-2021-41833 is critical.
How does CVE-2021-41833 affect Zoho ManageEngine Patch Connect Plus?
CVE-2021-41833 allows unauthenticated remote code execution in Zoho ManageEngine Patch Connect Plus version 9.0.0.
How can I fix CVE-2021-41833?
To fix CVE-2021-41833, you should update Zoho ManageEngine Patch Connect Plus to version 9.0.0-build90099 or higher.
What is the Common Weakness Enumeration (CWE) ID of CVE-2021-41833?
The Common Weakness Enumeration (CWE) ID of CVE-2021-41833 is 434.
Where can I find more information about CVE-2021-41833?
You can find more information about CVE-2021-41833 at the following references: [Reference 1](https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved) and [Reference 2](https://www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html).

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/zohocorp
canonical/zoho manageengine patch connect plus
version/zoho manageengine patch connect plus/9.0.0
version/zoho manageengine patch connect plus/9.0.0-build90001
version/zoho manageengine patch connect plus/9.0.0-build90063
version/zoho manageengine patch connect plus/9.0.0-build90064
version/zoho manageengine patch connect plus/9.0.0-build90065
version/zoho manageengine patch connect plus/9.0.0-build90066
version/zoho manageengine patch connect plus/9.0.0-build90067
version/zoho manageengine patch connect plus/9.0.0-build90068
version/zoho manageengine patch connect plus/9.0.0-build90069
version/zoho manageengine patch connect plus/9.0.0-build90070
version/zoho manageengine patch connect plus/9.0.0-build90071
version/zoho manageengine patch connect plus/9.0.0-build90072
version/zoho manageengine patch connect plus/9.0.0-build90073
version/zoho manageengine patch connect plus/9.0.0-build90074
version/zoho manageengine patch connect plus/9.0.0-build90075
version/zoho manageengine patch connect plus/9.0.0-build90076
version/zoho manageengine patch connect plus/9.0.0-build90077
version/zoho manageengine patch connect plus/9.0.0-build90078
version/zoho manageengine patch connect plus/9.0.0-build90079
version/zoho manageengine patch connect plus/9.0.0-build90080
version/zoho manageengine patch connect plus/9.0.0-build90081
version/zoho manageengine patch connect plus/9.0.0-build90082
version/zoho manageengine patch connect plus/9.0.0-build90083
version/zoho manageengine patch connect plus/9.0.0-build90084
version/zoho manageengine patch connect plus/9.0.0-build90085
version/zoho manageengine patch connect plus/9.0.0-build90086
version/zoho manageengine patch connect plus/9.0.0-build90087
version/zoho manageengine patch connect plus/9.0.0-build90088
version/zoho manageengine patch connect plus/9.0.0-build90089
version/zoho manageengine patch connect plus/9.0.0-build90090
version/zoho manageengine patch connect plus/9.0.0-build90091
version/zoho manageengine patch connect plus/9.0.0-build90092
version/zoho manageengine patch connect plus/9.0.0-build90093
version/zoho manageengine patch connect plus/9.0.0-build90094
version/zoho manageengine patch connect plus/9.0.0-build90095
version/zoho manageengine patch connect plus/9.0.0-build90096
version/zoho manageengine patch connect plus/9.0.0-build90097
version/zoho manageengine patch connect plus/9.0.0-build90098

CVE-2021-41833: Malicious File Upload

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-41833?

How does CVE-2021-41833 affect Zoho ManageEngine Patch Connect Plus?

How can I fix CVE-2021-41833?

What is the Common Weakness Enumeration (CWE) ID of CVE-2021-41833?

Where can I find more information about CVE-2021-41833?

Company

Resources

Contact