CVE-2021-44652

moderate-risk

Published 2022-01-12

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Do I need to act?

~

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (15)

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Manageengine O365 Manager Plus

Affected Vendors

Zohocorp

References (2)

Vendor Advisory https://www.manageengine.com/microsoft-365-management-reporting/release-notes.ht...

Vendor Advisory https://www.manageengine.com/microsoft-365-management-reporting/release-notes.ht...

45

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 3/34 · Minimal

Exposure 18/34 · Moderate