Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Manageengine_o365_manager_plus | Zohocorp | * | 4.4 (excluding) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4 (including) | 4.4 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4400 (including) | 4.4-build4400 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4401 (including) | 4.4-build4401 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4402 (including) | 4.4-build4402 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4403 (including) | 4.4-build4403 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4406 (including) | 4.4-build4406 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4407 (including) | 4.4-build4407 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4408 (including) | 4.4-build4408 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4410 (including) | 4.4-build4410 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4411 (including) | 4.4-build4411 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4412 (including) | 4.4-build4412 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4413 (including) | 4.4-build4413 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4414 (including) | 4.4-build4414 (including) |
| Manageengine_o365_manager_plus | Zohocorp | 4.4-build4415 (including) | 4.4-build4415 (including) |