CVE-2021-42847
CRITICALManageEngine ADAudit Plus Authenticated File Write RCE
Title source: metasploitDescription
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files.
Exploits (1)
metasploit
WORKING POC
EXCELLENT
by Moon, Erik Wynter · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/manageengine_adaudit_plus_authenticated_rce.rb
Scores
CVSS v3
9.8
EPSS
0.8710
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (2)
zohocorp/manageengine_adaudit_plus
7.0 (6 CPE variants)
zohocorp/manageengine_adaudit_plus
< 7.0
Published
Nov 11, 2021
Tracked Since
Feb 18, 2026