critical
9.8
CWE
287
Advisory Published
Updated

CVE-2021-44525

First published: Mon Dec 20 2021(Updated: )

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Zohocorp ManageEngine PAM360=4.0
Zohocorp ManageEngine PAM360=4.0-build4001
Zohocorp ManageEngine PAM360=4.0-build4002
Zohocorp ManageEngine PAM360=4.1
Zohocorp ManageEngine PAM360=4.1-build4100
Zohocorp ManageEngine PAM360=4.1-build4101
Zohocorp ManageEngine PAM360=4.5
Zohocorp ManageEngine PAM360=4.5-build4500
Zohocorp ManageEngine PAM360=4.5-build4501
Zohocorp ManageEngine PAM360=5.0
Zohocorp ManageEngine PAM360=5.0-build5000
Zohocorp ManageEngine PAM360=5.0-build5001
Zohocorp ManageEngine PAM360=5.0-build5002
Zohocorp ManageEngine PAM360=5.0-build5003
Zohocorp ManageEngine PAM360=5.0-build5004
Zohocorp ManageEngine PAM360=5.1
Zohocorp ManageEngine PAM360=5.1-build5100
Zohocorp ManageEngine PAM360=5.2
Zohocorp ManageEngine PAM360=5.2-build5200
Zohocorp ManageEngine PAM360=5.3
Zohocorp ManageEngine PAM360=5.3-build5300
Zohocorp ManageEngine PAM360=5.3-build5301
Zohocorp ManageEngine PAM360=5.3-build5302
=4.0
=4.0-build4001
=4.0-build4002
=4.1
=4.1-build4100
=4.1-build4101
=4.5
=4.5-build4500
=4.5-build4501
=5.0
=5.0-build5000
=5.0-build5001
=5.0-build5002
=5.0-build5003
=5.0-build5004
=5.1
=5.1-build5100
=5.2
=5.2-build5200
=5.3
=5.3-build5300
=5.3-build5301
=5.3-build5302

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-44525?

    The severity of CVE-2021-44525 is critical with a score of 9.8.

  • How can attackers exploit CVE-2021-44525?

    Attackers can exploit CVE-2021-44525 by bypassing the authentication filter and modifying certain aspects of the application state.

  • Which versions of Zoho ManageEngine PAM360 are affected by CVE-2021-44525?

    Zoho ManageEngine PAM360 versions 4.0 to 5.3 are affected by CVE-2021-44525.

  • Is authentication required to exploit CVE-2021-44525 in Zoho ManageEngine PAM360?

    No, authentication is not required to exploit CVE-2021-44525 in Zoho ManageEngine PAM360.

  • How can I fix CVE-2021-44525 in Zoho ManageEngine PAM360?

    To fix CVE-2021-44525 in Zoho ManageEngine PAM360, update to build 5303 or a later version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203