9.8

CVE-2021-44525

Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZohocorpManageengine Pam360 Version4.0
ZohocorpManageengine Pam360 Version4.0 Updatebuild4001
ZohocorpManageengine Pam360 Version4.0 Updatebuild4002
ZohocorpManageengine Pam360 Version4.1
ZohocorpManageengine Pam360 Version4.1 Updatebuild4100
ZohocorpManageengine Pam360 Version4.1 Updatebuild4101
ZohocorpManageengine Pam360 Version4.5
ZohocorpManageengine Pam360 Version4.5 Updatebuild4500
ZohocorpManageengine Pam360 Version4.5 Updatebuild4501
ZohocorpManageengine Pam360 Version5.0
ZohocorpManageengine Pam360 Version5.0 Updatebuild5000
ZohocorpManageengine Pam360 Version5.0 Updatebuild5001
ZohocorpManageengine Pam360 Version5.0 Updatebuild5002
ZohocorpManageengine Pam360 Version5.0 Updatebuild5003
ZohocorpManageengine Pam360 Version5.0 Updatebuild5004
ZohocorpManageengine Pam360 Version5.1
ZohocorpManageengine Pam360 Version5.1 Updatebuild5100
ZohocorpManageengine Pam360 Version5.2
ZohocorpManageengine Pam360 Version5.2 Updatebuild5200
ZohocorpManageengine Pam360 Version5.3
ZohocorpManageengine Pam360 Version5.3 Updatebuild5300
ZohocorpManageengine Pam360 Version5.3 Updatebuild5301
ZohocorpManageengine Pam360 Version5.3 Updatebuild5302
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.729
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.