First published: Mon Dec 20 2021(Updated: )
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zohocorp Manageengine Access Manager Plus | =4.1-build4100 | |
Zohocorp Manageengine Access Manager Plus | =4.1-build4101 | |
Zohocorp Manageengine Access Manager Plus | =4.2-build4200 | |
Zohocorp Manageengine Access Manager Plus | =4.2-build4201 | |
Zohocorp Manageengine Access Manager Plus | =4.2-build4202 | |
=4.1-build4100 | ||
=4.1-build4101 | ||
=4.2-build4200 | ||
=4.2-build4201 | ||
=4.2-build4202 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-44676 is a vulnerability in Zoho ManageEngine Access Manager Plus that allows anyone to view certain data elements and modify aspects of the application state.
CVE-2021-44676 has a severity rating of 9.8 out of 10, indicating it is critical.
CVE-2021-44676 affects Zoho ManageEngine Access Manager Plus versions 4.1-build4100, 4.1-build4101, 4.2-build4200, 4.2-build4201, and 4.2-build4202.
To fix CVE-2021-44676, it is recommended to upgrade Zoho ManageEngine Access Manager Plus to version 4.2-build4203 or later.
You can find more information about CVE-2021-44676 on the Zoho ManageEngine website and the security advisory page provided.