What is CVE-2021-20108?

CVE-2021-20108 is a high-severity vulnerability in Zohocorp Manageengine_assetexplorer, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 7.5/10. Published 2021-07-19.

How severe is CVE-2021-20108?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Zohocorp Manageengine_assetexplorer

CVE-2021-20108

Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 90…

EPSS: 0.030 (85.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Zohocorp Manageengine_assetexplorer — versions 1.0.34
N/a Manage Engine Asset Explorer Agent — versions 1.0.34

Weakness classification (CWE)

CWE-401 — Missing Release of Memory after Effective Lifetime

References

vulnreport@tenable.com (Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20108?: CVE-2021-20108 is a high-severity vulnerability in Zohocorp Manageengine_assetexplorer, classified under Missing Release of Memory after Effective Lifetime. CVSS score: 7.5/10. Published 2021-07-19.
How severe is CVE-2021-20108?: High severity. CVSS v3 base score is 7.5 out of 10.