CVE-2021-20136

N/A

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.

N/A

N/A

ZOHO ManageEngine Log360 访问控制错误漏洞

ZOHO ManageEngine Log360是美国卓豪（ZOHO）公司的一个集成的日志管理和 Active Directory 审计和警报解决方案。该解决方案可帮助您减轻安全威胁、发现持续的攻击企图、检测可疑的用户活动并遵守监管​​要求。 ZOHO ManageEngine Log360 Builds < 5235 存在安全漏洞，该漏洞允许数据库配置覆盖。未经身份验证的远程攻击者可以向 Log360 发送特制消息，将其后端数据库更改为攻击者控制的数据库并强制 Log360 重新启动。攻击者可以利用该漏

N/A

N/A