Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-37925
CVE-2021-37925:
Zoho ManageEngine ADManager Plus vulnerability analysis and mitigation
Overview
A post-authentication OS command injection vulnerability (CVE-2021-37925) was discovered in the saveBackupScheduler method of ManageEngine ADManager Plus. This vulnerability was reported by Thai Nguyen of ECQ (ManageEngine Release Notes).
Technical details
The vulnerability exists in the saveBackupScheduler method functionality of ManageEngine ADManager Plus. It allows authenticated users to inject and execute operating system commands. The issue was fixed in a security update released in July 2021 (ManageEngine Release Notes).
Impact
When successfully exploited, this vulnerability allows authenticated attackers to execute arbitrary operating system commands on the affected system (ManageEngine Release Notes).
Mitigation and workarounds
ManageEngine addressed this vulnerability in a security update. Organizations using ADManager Plus should upgrade to a patched version of the software to mitigate this vulnerability (ManageEngine Release Notes).
Additional resources
Source: This report was generated using AI
Related Zoho ManageEngine ADManager Plus vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management