Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-37922
CVE-2021-37922:
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Overview
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows copying of files from one directory to another. The vulnerability was identified with CVE-2021-37922 and was disclosed in October 2021 (NVD, CVE).
Technical details
The vulnerability is classified as a path traversal issue (CWE-22: Improper Limitation of a Pathname to a Restricted Directory). It received a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it is network accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).
Impact
The vulnerability allows an attacker to copy files from one directory to another within the system. This could potentially lead to unauthorized file operations and compromise the integrity of the system's file structure (NVD).
Mitigation and workarounds
The vulnerability was addressed in version 7111 of ManageEngine ADManager Plus. Users should upgrade to this version or later to mitigate the risk (Release Notes).
Additional resources
Source: This report was generated using AI
Related Zoho ManageEngine ADManager Plus vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management