CVE-2021-20136

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-48 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5233:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5234:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_log360:5.3:build5232:*:*:*:*:*:*

Information

Published : 2021-11-01 09:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-20136

Mitre link : CVE-2021-20136

Products Affected
No products.
CWE