critical
9.8
CWE
434
Advisory Published
Updated

CVE-2021-42099: Malicious File Upload

First published: Tue Nov 30 2021(Updated: )

Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
ManageEngine M365 Manager Plus
ManageEngine M365 Manager Plus=build_4000
ManageEngine M365 Manager Plus=build_4001
ManageEngine M365 Manager Plus=build_4002
ManageEngine M365 Manager Plus=build_4003
ManageEngine M365 Manager Plus=build_4004
ManageEngine M365 Manager Plus=build_4005
ManageEngine M365 Manager Plus=build_4007
ManageEngine M365 Manager Plus=build_4008
ManageEngine M365 Manager Plus=build_4009
ManageEngine M365 Manager Plus=build_4010
ManageEngine M365 Manager Plus=build_4011
ManageEngine M365 Manager Plus=build_4012
ManageEngine M365 Manager Plus=build_4013
ManageEngine M365 Manager Plus=build_4014
ManageEngine M365 Manager Plus=build_4100
ManageEngine M365 Manager Plus=build_4101
ManageEngine M365 Manager Plus=build_4102
ManageEngine M365 Manager Plus=build_4103
ManageEngine M365 Manager Plus=build_4104
ManageEngine M365 Manager Plus=build_4105
ManageEngine M365 Manager Plus=build_4106
ManageEngine M365 Manager Plus=build_4108
ManageEngine M365 Manager Plus=build_4109
ManageEngine M365 Manager Plus=build_4110
ManageEngine M365 Manager Plus=build_4111
ManageEngine M365 Manager Plus=build_4112
ManageEngine M365 Manager Plus=build_4113
ManageEngine M365 Manager Plus=build_4115
ManageEngine M365 Manager Plus=build_4116
ManageEngine M365 Manager Plus=build_4117
ManageEngine M365 Manager Plus=build_4118
ManageEngine M365 Manager Plus=build_4119
ManageEngine M365 Manager Plus=build_4200
ManageEngine M365 Manager Plus=build_4201
ManageEngine M365 Manager Plus=build_4202
ManageEngine M365 Manager Plus=build_4203
ManageEngine M365 Manager Plus=build_4204
ManageEngine M365 Manager Plus=build_4205
ManageEngine M365 Manager Plus=build_4206
ManageEngine M365 Manager Plus=build_4207
ManageEngine M365 Manager Plus=build_4208
ManageEngine M365 Manager Plus=build_4209
ManageEngine M365 Manager Plus=build_4210
ManageEngine M365 Manager Plus=build_4211
ManageEngine M365 Manager Plus=build_4212
ManageEngine M365 Manager Plus=build_4213
ManageEngine M365 Manager Plus=build_4214
ManageEngine M365 Manager Plus=build_4215
ManageEngine M365 Manager Plus=build_4216
ManageEngine M365 Manager Plus=build_4217
ManageEngine M365 Manager Plus=build_4218
ManageEngine M365 Manager Plus=build_4219
ManageEngine M365 Manager Plus=build_4220
ManageEngine M365 Manager Plus=build_4221
ManageEngine M365 Manager Plus=build_4222
ManageEngine M365 Manager Plus=build_4300
ManageEngine M365 Manager Plus=build_4301
ManageEngine M365 Manager Plus=build_4302
ManageEngine M365 Manager Plus=build_4303
ManageEngine M365 Manager Plus=build_4304
ManageEngine M365 Manager Plus=build_4305
ManageEngine M365 Manager Plus=build_4306
ManageEngine M365 Manager Plus=build_4308
ManageEngine M365 Manager Plus=build_4309
ManageEngine M365 Manager Plus=build_4310
ManageEngine M365 Manager Plus=build_4311
ManageEngine M365 Manager Plus=build_4312
ManageEngine M365 Manager Plus=build_4316
ManageEngine M365 Manager Plus=build_4317
ManageEngine M365 Manager Plus=build_4318
ManageEngine M365 Manager Plus=build_4319
ManageEngine M365 Manager Plus=build_4320
ManageEngine M365 Manager Plus=build_4321
ManageEngine M365 Manager Plus=build_4322
ManageEngine M365 Manager Plus=build_4324
ManageEngine M365 Manager Plus=build_4325
ManageEngine M365 Manager Plus=build_4327
ManageEngine M365 Manager Plus=build_4328
ManageEngine M365 Manager Plus=build_4329
ManageEngine M365 Manager Plus=build_4330
ManageEngine M365 Manager Plus=build_4331
ManageEngine M365 Manager Plus=build_4332
ManageEngine M365 Manager Plus=build_4333
ManageEngine M365 Manager Plus=build_4334
ManageEngine M365 Manager Plus=build_4335
ManageEngine M365 Manager Plus=build_4336
ManageEngine M365 Manager Plus=build_4400
ManageEngine M365 Manager Plus=build_4401
ManageEngine M365 Manager Plus=build_4402
ManageEngine M365 Manager Plus=build_4403
ManageEngine M365 Manager Plus=build_4406
ManageEngine M365 Manager Plus=build_4407
ManageEngine M365 Manager Plus=build_4408
ManageEngine M365 Manager Plus=build_4410
ManageEngine M365 Manager Plus=build_4411
ManageEngine M365 Manager Plus=build_4412
ManageEngine M365 Manager Plus=build_4413
ManageEngine M365 Manager Plus=build_4414
ManageEngine M365 Manager Plus=build_4415
ManageEngine M365 Manager Plus=build_4416
ManageEngine M365 Manager Plus=build_4417
ManageEngine M365 Manager Plus=build_4418
ManageEngine M365 Manager Plus=build_4419

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-42099?

    CVE-2021-42099 is classified as a high severity vulnerability due to its potential for remote code execution.

  • How do I fix CVE-2021-42099?

    To mitigate CVE-2021-42099, upgrade to ManageEngine M365 Manager Plus version 4421 or later.

  • What type of vulnerability is CVE-2021-42099?

    CVE-2021-42099 is a file-upload vulnerability that allows for remote code execution.

  • Which versions of ManageEngine M365 Manager Plus are affected by CVE-2021-42099?

    CVE-2021-42099 affects ManageEngine M365 Manager Plus versions prior to 4421.

  • What are the potential consequences of exploiting CVE-2021-42099?

    Exploitation of CVE-2021-42099 could allow an attacker to execute arbitrary code on the affected system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203