CVSS: 9.8EPSS: 97%CPEs: 72EXPL: 4CVE-2021-44077 – Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecución de código remota no autenticada. Esto está relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuración de Struts Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution • https://github.com/horizon3ai/CVE-2021-44077 https://github.com/pizza-power/Golang-CVE-2021-44077-POC http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529& • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2021-31531
https://notcve.org/view.php?id=CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, es vulnerable a ataques de tipo Server-Side Request Forgery (SSRF) • https://excellium-services.com/cert-xlm-advisory/cve-2021-31531 https://www.manageengine.com/products/service-desk-msp/readme.html#10521 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2021-31530
https://notcve.org/view.php?id=CVE-2021-31530
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10522, es vulnerable a una Divulgación de Información • https://excellium-services.com/cve-2021-31530 https://www.manageengine.com/products/service-desk-msp/readme.html#10522 •
CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2021-31160
https://notcve.org/view.php?id=CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, permite a un atacante acceder a datos internos • https://excellium-services.com/cert-xlm-advisory/cve-2021-31160 https://www.manageengine.com/products/service-desk-msp/readme.html#10521 •
CVSS: 5.3EPSS: 8%CPEs: 112EXPL: 3CVE-2021-31159 – Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
https://notcve.org/view.php?id=CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10519 es vulnerable a un bug de Enumeración de Usuarios debido a la generación inapropiada de mensajes de error en la funcionalidad Forgot Password, también se conoce como SDPMSP-15732 Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability. • https://www.exploit-db.com/exploits/50027 https://github.com/ricardojoserf/CVE-2021-31159 http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html https://www.manageengine.com https://www.manageengine.com/products/service-desk-msp/readme.html#10519 • CWE-209: Generation of Error Message Containing Sensitive Information •