CVE-2021-44525

high-risk

Published 2021-12-20

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.

Do I need to act?

-

0.57% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Manageengine Pam360

Affected Vendors

Zohocorp

References (2)

Vendor Advisory https://pitstop.manageengine.com/portal/en/community/topic/title-security-adviso...

Vendor Advisory https://pitstop.manageengine.com/portal/en/community/topic/title-security-adviso...

55

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 21/34 · High