CVE-2021-41081

CVSS V2 High 7.5 CVSS V3 Critical 9.8
Description
Zoho ManageEngine Network Configuration Manager before ??125465 is vulnerable to SQL Injection in a configuration search.
Overview
  • CVE ID
  • CVE-2021-41081
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-11-11T05:15:09
  • Last Modified Date
  • 2023-02-22T18:00:03
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:*:*:*:*:*:*:*:* 1 OR 12.4 12.5
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123123:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123129:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123137:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123151:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123156:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123159:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123169:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123177:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123179:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123191:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123194:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123206:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123207:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123214:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123215:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123217:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123218:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123222:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123223:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123231:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123237:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123239:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123274:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123277:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123279:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123288:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123304:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123306:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123312:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123323:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.3:build123327:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125000:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125108:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125112:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125115:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125116:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125120:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125121:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125125:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125129:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125136:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125142:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125149:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125180:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125195:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125199:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125212:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125213:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125216:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125228:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125232:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125233:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125234:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125323:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125325:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125327:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125329:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125343:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125345:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125358:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125362:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125363:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125378:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125392:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125399:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125417:*:*:*:*:*:* 1 OR
cpe:2.3:a:zohocorp:manageengine_network_configuration_manager:12.5:build125445:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.manageengine.com/network-configuration-manager/security-updates/cve-2021-41081.html Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-41081
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41081
History
Created Old Value New Value Data Type Notes
2022-05-10 06:47:19 Added to TrackCVE
2022-12-05 14:20:29 2021-11-11T05:15Z 2021-11-11T05:15:09 CVE Published Date updated
2022-12-05 14:20:29 2022-09-10T02:36:49 CVE Modified Date updated
2022-12-05 14:20:29 Analyzed Vulnerability Status updated
2023-01-25 03:13:41 2023-01-25T01:58:10 CVE Modified Date updated
2023-01-25 03:13:41 Analyzed Modified Vulnerability Status updated
2023-01-25 15:11:48 Modified Undergoing Analysis Vulnerability Status updated
2023-02-22 18:11:38 2023-02-22T18:00:03 CVE Modified Date updated
2023-02-22 18:11:38 Undergoing Analysis Analyzed Vulnerability Status updated