CVE-2021-31531
https://notcve.org/view.php?id=CVE-2021-31531
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF). Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, es vulnerable a ataques de tipo Server-Side Request Forgery (SSRF) • https://excellium-services.com/cert-xlm-advisory/cve-2021-31531 https://www.manageengine.com/products/service-desk-msp/readme.html#10521 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-31530
https://notcve.org/view.php?id=CVE-2021-31530
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10522, es vulnerable a una Divulgación de Información • https://excellium-services.com/cve-2021-31530 https://www.manageengine.com/products/service-desk-msp/readme.html#10522 •
CVE-2021-31160
https://notcve.org/view.php?id=CVE-2021-31160
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10521, permite a un atacante acceder a datos internos • https://excellium-services.com/cert-xlm-advisory/cve-2021-31160 https://www.manageengine.com/products/service-desk-msp/readme.html#10521 •
CVE-2021-31159 – Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration
https://notcve.org/view.php?id=CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732. Zoho ManageEngine ServiceDesk Plus MSP versiones anteriores a 10519 es vulnerable a un bug de Enumeración de Usuarios debido a la generación inapropiada de mensajes de error en la funcionalidad Forgot Password, también se conoce como SDPMSP-15732 Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability. • https://www.exploit-db.com/exploits/50027 https://github.com/ricardojoserf/CVE-2021-31159 http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html https://www.manageengine.com https://www.manageengine.com/products/service-desk-msp/readme.html#10519 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-20081
https://notcve.org/view.php?id=CVE-2021-20081
Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. La lista incompleta de entradas no permitidas en ManageEngine ServiceDesk Plus versiones anteriores a 11205 permite a un atacante remoto y autenticado ejecutar comandos arbitrarios con privilegios SYSTEM • https://www.tenable.com/security/research/tra-2021-22 •