cve-2020-21642
Vulnerability from cvelistv5
Published
2022-08-15 19:10
Modified
2024-08-04 14:30
Severity ?
EPSS score ?
Summary
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.manageengine.com/analytics-plus/release-notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.manageengine.com/analytics-plus/release-notes.html | Release Notes, Vendor Advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:30:33.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.manageengine.com/analytics-plus/release-notes.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-15T19:10:38", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.manageengine.com/analytics-plus/release-notes.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-21642", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.manageengine.com/analytics-plus/release-notes.html", refsource: "MISC", url: "https://www.manageengine.com/analytics-plus/release-notes.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-21642", datePublished: "2022-08-15T19:10:38", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:30:33.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2020-21642\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-08-15T20:15:08.970\",\"lastModified\":\"2024-11-21T05:12:44.610\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Salto de Directorio en el parámetro ZDBQAREFSUBDIR en la API /zropusermgmt en Zoho ManageEngine Analytics Plus versiones anteriores a 4350, permite a atacantes remotos ejecutar código arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2900:*:*:*:*:*:*\",\"matchCriteriaId\":\"E560738D-BA16-49A0-8D1C-7D4D0B571970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2901:*:*:*:*:*:*\",\"matchCriteriaId\":\"16FDF985-6C13-4F41-93C8-DCBB47645883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2902:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DE97DF0-96CE-4A7B-A5E7-58C4B7F37BAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2903:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D1FC472-235D-463B-9A59-9937C0C25821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2904:*:*:*:*:*:*\",\"matchCriteriaId\":\"3733DBE8-4741-4103-A70B-12DB6275C91F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2905:*:*:*:*:*:*\",\"matchCriteriaId\":\"311AB1CD-6B37-4FF5-AB2B-3731BCF0E417\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2906:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEEC2F10-E03C-4BA0-8B81-9E2128E205FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2907:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44EEEFB-9BE8-4226-B5B9-2057EEE4C2BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3000:*:*:*:*:*:*\",\"matchCriteriaId\":\"F45C215F-7B20-4D4B-A238-7F317F977AAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3010:*:*:*:*:*:*\",\"matchCriteriaId\":\"138BAA05-E17E-473B-97C1-A554DE034750\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3020:*:*:*:*:*:*\",\"matchCriteriaId\":\"37CD4DC7-DFE3-4107-A863-511CDECF3BF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3030:*:*:*:*:*:*\",\"matchCriteriaId\":\"090F322E-37E6-4F99-8DAA-459CEE033599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3040:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7ABF80F-04E1-4F26-9ADD-B9FE2B05DDAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3050:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51FA923-1507-4CF5-B9A8-B3C55A1917AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3100:*:*:*:*:*:*\",\"matchCriteriaId\":\"439C788F-9FE1-4E6A-AC22-726652001028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3110:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ADD3A92-CD4A-46AB-B205-30869D035191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3120:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE3DF13A-C027-419D-93C1-A845AA7F1552\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3130:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC22120-DF5D-4863-B648-8E2CCE69844A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3140:*:*:*:*:*:*\",\"matchCriteriaId\":\"316BBCB1-46F2-47C9-A807-D6720A7E677F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3200:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DA84E03-C267-4D3A-A1AA-8B070AD07EB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3250:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFAE91BB-C0A2-482B-9904-60A776CD7610\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3300:*:*:*:*:*:*\",\"matchCriteriaId\":\"55C5AE5F-09B2-44B8-8818-31B863A979A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3310:*:*:*:*:*:*\",\"matchCriteriaId\":\"B00DD389-28E4-4B57-B55D-79A4604F970D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3400:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24FE5AC-A721-4B01-AFE9-90FC4F535B8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3450:*:*:*:*:*:*\",\"matchCriteriaId\":\"B908B183-3DCD-4658-9D84-94C23BDCAEED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.5:build3500:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FBEA846-F937-4B71-86AB-D786E631FB23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.6:build3600:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6F662E1-DCE9-4E10-B753-55BF9F50F0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.7:build3700:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B20DF8-5B0F-49C4-A307-DDF541B4470D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.8:build3800:*:*:*:*:*:*\",\"matchCriteriaId\":\"70B9745B-700D-48AD-96B2-D82C7B7ACD15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3900:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F11468-3230-4EE1-8C8F-A81140AB1687\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3950:*:*:*:*:*:*\",\"matchCriteriaId\":\"2227A675-F820-4317-8D58-12B5FF52BE1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.0:build4000:*:*:*:*:*:*\",\"matchCriteriaId\":\"B42E54F2-993A-4E4F-A27E-7D7AA6D065DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4100:*:*:*:*:*:*\",\"matchCriteriaId\":\"D774A609-56FE-4CAD-B60A-AC0260CADC1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4150:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3BB7CF2-FB25-422D-A958-40905E3B325A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4200:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3C2AD0-5C5B-410C-AAB2-F4B8CA857D3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4250:*:*:*:*:*:*\",\"matchCriteriaId\":\"F165A880-33C4-4717-AED4-2BD498A33CB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4260:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C259FB2-4EAE-40BE-8955-A31883338F3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4270:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B4220E-42D1-4CC7-843E-BA93C7C27A7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4280:*:*:*:*:*:*\",\"matchCriteriaId\":\"40582AD8-FB0D-4F82-AB79-074D61C6C842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4300:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2DA2F0D-87A6-4CA3-8F5D-98BB7AF8C70B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4310:*:*:*:*:*:*\",\"matchCriteriaId\":\"18CA8B82-AE2C-48D0-AE29-CC969AFCA704\"}]}]}],\"references\":[{\"url\":\"https://www.manageengine.com/analytics-plus/release-notes.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.manageengine.com/analytics-plus/release-notes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.