CVE-2021-42099
Descriptions du CVE
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Unrestricted Upload of File with Dangerous Type The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V3.1 | 9.8 | CRITICAL |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
More informations
Base: Exploitabilty MetricsThe Exploitability metrics reflect the characteristics of the thing that is vulnerable, which we refer to formally as the vulnerable component. Attack Vector This metric reflects the context by which vulnerability exploitation is possible. Network The vulnerable component is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). Attack Complexity This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Low Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component. Privileges Required This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. None The attacker is unauthorized prior to attack, and therefore does not require any access to settings or files of the vulnerable system to carry out an attack. User Interaction This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. None The vulnerable system can be exploited without interaction from any user. Base: Scope MetricsThe Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. Scope Formally, a security authority is a mechanism (e.g., an application, an operating system, firmware, a sandbox environment) that defines and enforces access control in terms of how certain subjects/actors (e.g., human users, processes) can access certain restricted objects/resources (e.g., files, CPU, memory) in a controlled manner. All the subjects and objects under the jurisdiction of a single security authority are considered to be under one security scope. If a vulnerability in a vulnerable component can affect a component which is in a different security scope than the vulnerable component, a Scope change occurs. Intuitively, whenever the impact of a vulnerability breaches a security/trust boundary and impacts components outside the security scope in which vulnerable component resides, a Scope change occurs. Unchanged An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority. Base: Impact MetricsThe Impact metrics capture the effects of a successfully exploited vulnerability on the component that suffers the worst outcome that is most directly and predictably associated with the attack. Analysts should constrain impacts to a reasonable, final outcome which they are confident an attacker is able to achieve. Confidentiality Impact This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. High There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact. For example, an attacker steals the administrator's password, or private encryption keys of a web server. Integrity Impact This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. High There is a total loss of integrity, or a complete loss of protection. For example, the attacker is able to modify any/all files protected by the impacted component. Alternatively, only some files can be modified, but malicious modification would present a direct, serious consequence to the impacted component. Availability Impact This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. High There is a total loss of availability, resulting in the attacker being able to fully deny access to resources in the impacted component; this loss is either sustained (while the attacker continues to deliver the attack) or persistent (the condition persists even after the attack has completed). Alternatively, the attacker has the ability to deny some availability, but the loss of availability presents a direct, serious consequence to the impacted component (e.g., the attacker cannot disrupt existing connections, but can prevent new connections; the attacker can repeatedly exploit a vulnerability that, in each instance of a successful attack, leaks a only small amount of memory, but after repeated exploitation causes a service to become completely unavailable). Temporal MetricsThe Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence in the description of a vulnerability. Environmental MetricsThese metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user’s organization, measured in terms of Confidentiality, Integrity, and Availability. |
nvd@nist.gov |
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
Score EPSS
Percentile EPSS
Products Mentioned
Configuraton 0
Zohocorp>>Manageengine_m365_manager_plus >> Version -
- Zohocorp>>Manageengine_m365_manager_plus >> Version - (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4000
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4000 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4001
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4001 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4002
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4002 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4003
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4003 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4004
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4004 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4005
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4005 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4007
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4007 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4008
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4008 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4009
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4009 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4010
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4010 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4011
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4011 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4012
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4012 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4013
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4013 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4014
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4014 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4100
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4100 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4101
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4101 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4102
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4102 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4103
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4103 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4104
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4104 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4105
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4105 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4106
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4106 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4108
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4108 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4109
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4109 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4110
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4110 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4111
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4111 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4112
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4112 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4113
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4113 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4115
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4115 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4116
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4116 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4117
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4117 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4118
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4118 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4119
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4119 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4200
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4200 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4201
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4201 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4202
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4202 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4203
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4203 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4204
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4204 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4205
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4205 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4206
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4206 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4207
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4207 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4208
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4208 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4209
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4209 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4210
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4210 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4211
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4211 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4212
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4212 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4213
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4213 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4214
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4214 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4215
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4215 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4216
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4216 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4217
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4217 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4218
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4218 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4219
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4219 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4220
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4220 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4221
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4221 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4222
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4222 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4300
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4300 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4301
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4301 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4302
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4302 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4303
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4303 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4304
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4304 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4305
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4305 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4306
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4306 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4308
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4308 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4309
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4309 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4310
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4310 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4311
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4311 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4312
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4312 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4316
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4316 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4317
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4317 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4318
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4318 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4319
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4319 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4320
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4320 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4321
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4321 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4322
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4322 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4324
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4324 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4325
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4325 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4327
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4327 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4328
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4328 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4329
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4329 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4330
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4330 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4331
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4331 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4332
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4332 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4333
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4333 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4334
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4334 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4335
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4335 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4336
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4336 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4400
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4400 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4401
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4401 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4402
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4402 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4403
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4403 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4406
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4406 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4407
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4407 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4408
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4408 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4410
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4410 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4411
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4411 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4412
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4412 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4413
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4413 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4414
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4414 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4415
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4415 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4416
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4416 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4417
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4417 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4418
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4418 (Open CPE detail)
Zohocorp>>Manageengine_m365_manager_plus >> Version build_4419
- Zohocorp>>Manageengine_m365_manager_plus >> Version build_4419 (Open CPE detail)
Références
Tags : x_refsource_CONFIRM
