CVE-2021-37420

Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

Configurations

Configuration 1

OR
cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*

History

21 Nov 2024, 06:15

Type | Values Removed | Values Added
References | () https://blog.stmcyber.com/vulns/cve-2021-37420/ - Exploit, Third Party Advisory | () https://blog.stmcyber.com/vulns/cve-2021-37420/ - Exploit, Third Party Advisory
References | () https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release - Patch, Vendor Advisory | () https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release - Patch, Vendor Advisory
References | () https://www.manageengine.com - Product, Vendor Advisory | () https://www.manageengine.com - Product, Vendor Advisory

12 Jul 2022, 17:42

Type | Values Removed | Values Added
CWE | CWE-287 | CWE-306

18 Mar 2022, 20:40

Type | Values Removed | Values Added
CVSS | v2 : 5.0, v3 : 7.5 | v2 : 4.3, v3 : 6.5
References | (MISC) https://blog.stmcyber.com/vulns/cve-2021-37420/ - | (MISC) https://blog.stmcyber.com/vulns/cve-2021-37420/ - Exploit, Third Party Advisory

03 Mar 2022, 00:15

Type | Values Removed | Values Added
References |  | (MISC) https://blog.stmcyber.com/vulns/cve-2021-37420/ -

22 Feb 2022, 01:15

Type | Values Removed | Values Added
Summary | ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.

01 Oct 2021, 01:38

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : 5.0, v3 : 7.5
CPE |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6111:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6101:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6110:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6103:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6107:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6108:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6100:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6104:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6102:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6106:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:-:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6105:*:*:*:*:*:*
 |  | cpe:2.3:a:zohocorp:manageengine_admanager_plus:6.1:6109:*:*:*:*:*:*
CWE |  | CWE-287
References | (MISC) https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release - | (MISC) https://pitstop.manageengine.com/portal/en/community/topic/adselfservice-plus-6112-hotfix-release - Patch, Vendor Advisory
References | (MISC) https://www.manageengine.com - | (MISC) https://www.manageengine.com - Product, Vendor Advisory

21 Sep 2021, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-21 13:15

Updated : 2024-11-21 06:15


NVD link : CVE-2021-37420

Mitre link : CVE-2021-37420

CVE.ORG link : CVE-2021-37420


Products Affected

zohocorp

  • manageengine_admanager_plus

CWE

CWE-306

Missing Authentication for Critical Function