What is CVE-2021-20136?

CVE-2021-20136 is a critical-severity vulnerability in Zohocorp Manageengine_log360, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2021-11-01.

How severe is CVE-2021-20136?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Zohocorp Manageengine_log360

CVE-2021-20136

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend d…

Vulnerability class: Broken Authentication

EPSS: 0.105 (95.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Zohocorp Manageengine_log360 — versions 5.3
N/a Manageengine Log360 — versions < 5235

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

vulnreport@tenable.com (Exploit, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2021-20136?: CVE-2021-20136 is a critical-severity vulnerability in Zohocorp Manageengine_log360, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2021-11-01.
How severe is CVE-2021-20136?: Critical severity. CVSS v3 base score is 9.8 out of 10.