CVSS: 5.3EPSS: 8%CPEs: 112EXPL: 3CVE-2021-31159 – Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
https://notcve.org/view.php?id=CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10519 es vulnerable a un bug de Enumeración de Usuarios debido a la generación inapropiada de mensajes de error en la funcionalidad Forgot Password, también se conoce como SDPMSP-15732 Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability. • https://www.exploit-db.com/exploits/50027 https://github.com/ricardojoserf/CVE-2021-31159 http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html https://www.manageengine.com https://www.manageengine.com/products/service-desk-msp/readme.html#10519 • CWE-209: Generation of Error Message Containing Sensitive Information •