CVE-2021-44652
Description
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
Vulnerability
Zoho ManageEngine O365 Manager Plus before Build 4416 contains a remote code execution vulnerability in the ChangeDBAPI component. The issue allows an attacker to overwrite BCP (Bulk Copy Program) files, leading to arbitrary code execution. Affected versions are all prior to Build 4416 [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the ChangeDBAPI endpoint, causing an overwrite of a BCP file. No authentication is required, and the attack can be performed remotely over the network [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the target server with the privileges of the application, potentially leading to full system compromise, data theft, or further lateral movement [1].
Mitigation
The vulnerability is fixed in ManageEngine O365 Manager Plus Build 4416 and later. Administrators should upgrade to this build or higher immediately. No workarounds are documented [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Zoho ManageEngine/O365 Manager Plusdescription
- Range: <4416
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.manageengine.com/microsoft-365-management-reporting/release-notes.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.