CVE-2021-41833: Malicious File Upload
First published: Thu Nov 11 2021(Updated: )
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zohocorp Manageengine Patch Connect Plus | <9.0.0 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90001 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90063 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90064 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90065 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90066 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90067 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90068 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90069 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90070 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90071 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90072 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90073 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90074 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90075 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90076 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90077 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90078 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90079 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90080 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90081 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90082 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90083 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90084 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90085 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90086 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90087 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90088 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90089 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90090 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90091 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90092 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90093 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90094 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90095 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90096 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90097 | |
| Zohocorp Manageengine Patch Connect Plus | =9.0.0-build90098 | |
| <9.0.0 | ||
| =9.0.0 | ||
| =9.0.0-build90001 | ||
| =9.0.0-build90063 | ||
| =9.0.0-build90064 | ||
| =9.0.0-build90065 | ||
| =9.0.0-build90066 | ||
| =9.0.0-build90067 | ||
| =9.0.0-build90068 | ||
| =9.0.0-build90069 | ||
| =9.0.0-build90070 | ||
| =9.0.0-build90071 | ||
| =9.0.0-build90072 | ||
| =9.0.0-build90073 | ||
| =9.0.0-build90074 | ||
| =9.0.0-build90075 | ||
| =9.0.0-build90076 | ||
| =9.0.0-build90077 | ||
| =9.0.0-build90078 | ||
| =9.0.0-build90079 | ||
| =9.0.0-build90080 | ||
| =9.0.0-build90081 | ||
| =9.0.0-build90082 | ||
| =9.0.0-build90083 | ||
| =9.0.0-build90084 | ||
| =9.0.0-build90085 | ||
| =9.0.0-build90086 | ||
| =9.0.0-build90087 | ||
| =9.0.0-build90088 | ||
| =9.0.0-build90089 | ||
| =9.0.0-build90090 | ||
| =9.0.0-build90091 | ||
| =9.0.0-build90092 | ||
| =9.0.0-build90093 | ||
| =9.0.0-build90094 | ||
| =9.0.0-build90095 | ||
| =9.0.0-build90096 | ||
| =9.0.0-build90097 | ||
| =9.0.0-build90098 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-41833?
The severity of CVE-2021-41833 is critical.
How does CVE-2021-41833 affect Zoho ManageEngine Patch Connect Plus?
CVE-2021-41833 allows unauthenticated remote code execution in Zoho ManageEngine Patch Connect Plus version 9.0.0.
How can I fix CVE-2021-41833?
To fix CVE-2021-41833, you should update Zoho ManageEngine Patch Connect Plus to version 9.0.0-build90099 or higher.
What is the Common Weakness Enumeration (CWE) ID of CVE-2021-41833?
The Common Weakness Enumeration (CWE) ID of CVE-2021-41833 is 434.
Where can I find more information about CVE-2021-41833?
You can find more information about CVE-2021-41833 at the following references: [Reference 1](https://pitstop.manageengine.com/portal/en/community/topic/unauthenticated-remote-code-execution-vulnerability-solved) and [Reference 2](https://www.manageengine.com/sccm-third-party-patch-management/kb/unauthenticated-remote-code-execution.html).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/zohocorp
- canonical/zohocorp manageengine patch connect plus
- version/zohocorp manageengine patch connect plus/9.0.0
- version/zohocorp manageengine patch connect plus/9.0.0-build90001
- version/zohocorp manageengine patch connect plus/9.0.0-build90063
- version/zohocorp manageengine patch connect plus/9.0.0-build90064
- version/zohocorp manageengine patch connect plus/9.0.0-build90065
- version/zohocorp manageengine patch connect plus/9.0.0-build90066
- version/zohocorp manageengine patch connect plus/9.0.0-build90067
- version/zohocorp manageengine patch connect plus/9.0.0-build90068
- version/zohocorp manageengine patch connect plus/9.0.0-build90069
- version/zohocorp manageengine patch connect plus/9.0.0-build90070
- version/zohocorp manageengine patch connect plus/9.0.0-build90071
- version/zohocorp manageengine patch connect plus/9.0.0-build90072
- version/zohocorp manageengine patch connect plus/9.0.0-build90073
- version/zohocorp manageengine patch connect plus/9.0.0-build90074
- version/zohocorp manageengine patch connect plus/9.0.0-build90075
- version/zohocorp manageengine patch connect plus/9.0.0-build90076
- version/zohocorp manageengine patch connect plus/9.0.0-build90077
- version/zohocorp manageengine patch connect plus/9.0.0-build90078
- version/zohocorp manageengine patch connect plus/9.0.0-build90079
- version/zohocorp manageengine patch connect plus/9.0.0-build90080
- version/zohocorp manageengine patch connect plus/9.0.0-build90081
- version/zohocorp manageengine patch connect plus/9.0.0-build90082
- version/zohocorp manageengine patch connect plus/9.0.0-build90083
- version/zohocorp manageengine patch connect plus/9.0.0-build90084
- version/zohocorp manageengine patch connect plus/9.0.0-build90085
- version/zohocorp manageengine patch connect plus/9.0.0-build90086
- version/zohocorp manageengine patch connect plus/9.0.0-build90087
- version/zohocorp manageengine patch connect plus/9.0.0-build90088
- version/zohocorp manageengine patch connect plus/9.0.0-build90089
- version/zohocorp manageengine patch connect plus/9.0.0-build90090
- version/zohocorp manageengine patch connect plus/9.0.0-build90091
- version/zohocorp manageengine patch connect plus/9.0.0-build90092
- version/zohocorp manageengine patch connect plus/9.0.0-build90093
- version/zohocorp manageengine patch connect plus/9.0.0-build90094
- version/zohocorp manageengine patch connect plus/9.0.0-build90095
- version/zohocorp manageengine patch connect plus/9.0.0-build90096
- version/zohocorp manageengine patch connect plus/9.0.0-build90097
- version/zohocorp manageengine patch connect plus/9.0.0-build90098