{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-15T19:10:38.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.manageengine.com/analytics-plus/release-notes.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-21642", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.manageengine.com/analytics-plus/release-notes.html", "refsource": "MISC", "url": "https://www.manageengine.com/analytics-plus/release-notes.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:30:33.395Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.manageengine.com/analytics-plus/release-notes.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-21642", "datePublished": "2022-08-15T19:10:38.000Z", "dateReserved": "2020-08-13T00:00:00.000Z", "dateUpdated": "2024-08-04T14:30:33.395Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2900:*:*:*:*:*:*", "matchCriteriaId": "E560738D-BA16-49A0-8D1C-7D4D0B571970", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2901:*:*:*:*:*:*", "matchCriteriaId": "16FDF985-6C13-4F41-93C8-DCBB47645883", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2902:*:*:*:*:*:*", "matchCriteriaId": "7DE97DF0-96CE-4A7B-A5E7-58C4B7F37BAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2903:*:*:*:*:*:*", "matchCriteriaId": "1D1FC472-235D-463B-9A59-9937C0C25821", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2904:*:*:*:*:*:*", "matchCriteriaId": "3733DBE8-4741-4103-A70B-12DB6275C91F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2905:*:*:*:*:*:*", "matchCriteriaId": "311AB1CD-6B37-4FF5-AB2B-3731BCF0E417", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2906:*:*:*:*:*:*", "matchCriteriaId": "EEEC2F10-E03C-4BA0-8B81-9E2128E205FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:2.9:build2907:*:*:*:*:*:*", "matchCriteriaId": "E44EEEFB-9BE8-4226-B5B9-2057EEE4C2BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3000:*:*:*:*:*:*", "matchCriteriaId": "F45C215F-7B20-4D4B-A238-7F317F977AAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3010:*:*:*:*:*:*", "matchCriteriaId": "138BAA05-E17E-473B-97C1-A554DE034750", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3020:*:*:*:*:*:*", "matchCriteriaId": "37CD4DC7-DFE3-4107-A863-511CDECF3BF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3030:*:*:*:*:*:*", "matchCriteriaId": "090F322E-37E6-4F99-8DAA-459CEE033599", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3040:*:*:*:*:*:*", "matchCriteriaId": "A7ABF80F-04E1-4F26-9ADD-B9FE2B05DDAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.0:build3050:*:*:*:*:*:*", "matchCriteriaId": "F51FA923-1507-4CF5-B9A8-B3C55A1917AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3100:*:*:*:*:*:*", "matchCriteriaId": "439C788F-9FE1-4E6A-AC22-726652001028", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3110:*:*:*:*:*:*", "matchCriteriaId": "8ADD3A92-CD4A-46AB-B205-30869D035191", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3120:*:*:*:*:*:*", "matchCriteriaId": "FE3DF13A-C027-419D-93C1-A845AA7F1552", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3130:*:*:*:*:*:*", "matchCriteriaId": "6CC22120-DF5D-4863-B648-8E2CCE69844A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.1:build3140:*:*:*:*:*:*", "matchCriteriaId": "316BBCB1-46F2-47C9-A807-D6720A7E677F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3200:*:*:*:*:*:*", "matchCriteriaId": "5DA84E03-C267-4D3A-A1AA-8B070AD07EB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.2:build3250:*:*:*:*:*:*", "matchCriteriaId": "CFAE91BB-C0A2-482B-9904-60A776CD7610", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3300:*:*:*:*:*:*", "matchCriteriaId": "55C5AE5F-09B2-44B8-8818-31B863A979A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.3:build3310:*:*:*:*:*:*", "matchCriteriaId": "B00DD389-28E4-4B57-B55D-79A4604F970D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3400:*:*:*:*:*:*", "matchCriteriaId": "E24FE5AC-A721-4B01-AFE9-90FC4F535B8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.4:build3450:*:*:*:*:*:*", "matchCriteriaId": "B908B183-3DCD-4658-9D84-94C23BDCAEED", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.5:build3500:*:*:*:*:*:*", "matchCriteriaId": "7FBEA846-F937-4B71-86AB-D786E631FB23", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.6:build3600:*:*:*:*:*:*", "matchCriteriaId": "C6F662E1-DCE9-4E10-B753-55BF9F50F0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.7:build3700:*:*:*:*:*:*", "matchCriteriaId": "E0B20DF8-5B0F-49C4-A307-DDF541B4470D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.8:build3800:*:*:*:*:*:*", "matchCriteriaId": "70B9745B-700D-48AD-96B2-D82C7B7ACD15", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3900:*:*:*:*:*:*", "matchCriteriaId": "56F11468-3230-4EE1-8C8F-A81140AB1687", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:3.9:build3950:*:*:*:*:*:*", "matchCriteriaId": "2227A675-F820-4317-8D58-12B5FF52BE1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.0:build4000:*:*:*:*:*:*", "matchCriteriaId": "B42E54F2-993A-4E4F-A27E-7D7AA6D065DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4100:*:*:*:*:*:*", "matchCriteriaId": "D774A609-56FE-4CAD-B60A-AC0260CADC1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.1:build4150:*:*:*:*:*:*", "matchCriteriaId": "A3BB7CF2-FB25-422D-A958-40905E3B325A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4200:*:*:*:*:*:*", "matchCriteriaId": "4B3C2AD0-5C5B-410C-AAB2-F4B8CA857D3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4250:*:*:*:*:*:*", "matchCriteriaId": "F165A880-33C4-4717-AED4-2BD498A33CB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4260:*:*:*:*:*:*", "matchCriteriaId": "8C259FB2-4EAE-40BE-8955-A31883338F3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4270:*:*:*:*:*:*", "matchCriteriaId": "83B4220E-42D1-4CC7-843E-BA93C7C27A7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.2:build4280:*:*:*:*:*:*", "matchCriteriaId": "40582AD8-FB0D-4F82-AB79-074D61C6C842", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4300:*:*:*:*:*:*", "matchCriteriaId": "C2DA2F0D-87A6-4CA3-8F5D-98BB7AF8C70B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_analytics_plus:4.3:build4310:*:*:*:*:*:*", "matchCriteriaId": "18CA8B82-AE2C-48D0-AE29-CC969AFCA704", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code."}, {"lang": "es", "value": "Una vulnerabilidad de Salto de Directorio en el par\u00e1metro ZDBQAREFSUBDIR en la API /zropusermgmt en Zoho ManageEngine Analytics Plus versiones anteriores a 4350, permite a atacantes remotos ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2020-21642", "lastModified": "2024-11-21T05:12:44.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-15T20:15:08.970", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/analytics-plus/release-notes.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/analytics-plus/release-notes.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}