CVE-2021-40178 - Vulnerability Details

Vendors	Products
Zohocorp	Manageengine Log360

Link	Providers
https://www.manageengine.com/log-management/readme.html#Build%205224

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-29T19:17:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.manageengine.com/log-management/readme.html#Build%205224"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40178", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.manageengine.com/log-management/readme.html#Build%205224", "refsource": "MISC", "url": "https://www.manageengine.com/log-management/readme.html#Build%205224"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:27:31.833Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.manageengine.com/log-management/readme.html#Build%205224"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40178", "datePublished": "2021-08-29T19:17:14", "dateReserved": "2021-08-29T00:00:00", "dateUpdated": "2024-08-04T02:27:31.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-08-29T19:17:14 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2021-40178 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

refsource : MISC (string)

url : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T02:27:31.833Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2021-40178 (string)

datePublished : 2021-08-29T19:17:14 (string)

dateReserved : 2021-08-29T00:00:00 (string)

dateUpdated : 2024-08-04T02:27:31.833Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*", "matchCriteriaId": "D62989B4-8886-4156-B87A-2F36F30BC455", "versionEndIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5200:*:*:*:*:*:*", "matchCriteriaId": "1AFA528B-9C57-4930-8391-F12A6F386D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5201:*:*:*:*:*:*", "matchCriteriaId": "9E07B6A1-63EB-44D4-A431-9BF9AF60954D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5206:*:*:*:*:*:*", "matchCriteriaId": "A7A91410-3EC7-4761-9439-E3467B3DDA75", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5209:*:*:*:*:*:*", "matchCriteriaId": "6D46EB27-A650-4507-8B26-BC92F6F9B5CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5210:*:*:*:*:*:*", "matchCriteriaId": "1AFC647F-8C4F-4D5F-AD59-36A4CEBB11DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5211:*:*:*:*:*:*", "matchCriteriaId": "19C2B0C9-2F52-4EA4-84D8-592250759063", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5213:*:*:*:*:*:*", "matchCriteriaId": "AC6BAA48-FF20-43D5-B037-8F719ABCD266", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5214:*:*:*:*:*:*", "matchCriteriaId": "458C296F-F5B7-44D1-8744-43EC3511A697", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5218:*:*:*:*:*:*", "matchCriteriaId": "FA515F69-0E72-495E-8932-5E3B4751B38D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5219:*:*:*:*:*:*", "matchCriteriaId": "C0C594F6-46B9-4947-9B21-6BCE81C97C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5220_beta:*:*:*:*:*:*", "matchCriteriaId": "73AF59C3-7467-42D6-926A-44E5F310D9D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings."}, {"lang": "es", "value": "Zoho ManageEngine Log360 versiones anteriores al Build 5224, permite un ataque de tipo XSS almacenado por medio del valor de la clave LOGO_PATH en la configuraci\u00f3n de inicio de sesi\u00f3n."}], "id": "CVE-2021-40178", "lastModified": "2024-11-21T06:23:44.370", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-29T20:15:07.500", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/log-management/readme.html#Build%205224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.manageengine.com/log-management/readme.html#Build%205224"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D62989B4-8886-4156-B87A-2F36F30BC455 (string)

versionEndIncluding : 5.1 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5200:*:*:*:*:*:* (string)

matchCriteriaId : 1AFA528B-9C57-4930-8391-F12A6F386D4D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5201:*:*:*:*:*:* (string)

matchCriteriaId : 9E07B6A1-63EB-44D4-A431-9BF9AF60954D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5206:*:*:*:*:*:* (string)

matchCriteriaId : A7A91410-3EC7-4761-9439-E3467B3DDA75 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5209:*:*:*:*:*:* (string)

matchCriteriaId : 6D46EB27-A650-4507-8B26-BC92F6F9B5CC (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5210:*:*:*:*:*:* (string)

matchCriteriaId : 1AFC647F-8C4F-4D5F-AD59-36A4CEBB11DC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5211:*:*:*:*:*:* (string)

matchCriteriaId : 19C2B0C9-2F52-4EA4-84D8-592250759063 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5213:*:*:*:*:*:* (string)

matchCriteriaId : AC6BAA48-FF20-43D5-B037-8F719ABCD266 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5214:*:*:*:*:*:* (string)

matchCriteriaId : 458C296F-F5B7-44D1-8744-43EC3511A697 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5218:*:*:*:*:*:* (string)

matchCriteriaId : FA515F69-0E72-495E-8932-5E3B4751B38D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5219:*:*:*:*:*:* (string)

matchCriteriaId : C0C594F6-46B9-4947-9B21-6BCE81C97C5B (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:zohocorp:manageengine_log360:5.2:build5220_beta:*:*:*:*:*:* (string)

matchCriteriaId : 73AF59C3-7467-42D6-926A-44E5F310D9D9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. (string)

}

1 : { »

lang : es (string)

value : Zoho ManageEngine Log360 versiones anteriores al Build 5224, permite un ataque de tipo XSS almacenado por medio del valor de la clave LOGO_PATH en la configuración de inicio de sesión. (string)

}

]

id : CVE-2021-40178 (string)

lastModified : 2024-11-21T06:23:44.370 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-08-29T20:15:07.500 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.manageengine.com/log-management/readme.html#Build%205224 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object