CVE-2021-20081

Published: Jun 10, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.

Affected (6)

Products: Zohocorp: Manageengine Servicedesk Plus

Zohocorp

1 product

Manageengine Servicedesk Plus

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus	Before 11.2
Zohocorp Manageengine Servicedesk Plus	Version 11.2
Zohocorp Manageengine Servicedesk Plus	Version 11.2 build11201
Zohocorp Manageengine Servicedesk Plus	Version 11.2 build11202
Zohocorp Manageengine Servicedesk Plus	Version 11.2 build11203
Zohocorp Manageengine Servicedesk Plus	Version 11.2 build11204

Running on/with	Platform Versions
Microsoft Windows	All versions

References (2)

https://www.tenable.com/security/research/tra-2021-22

Source: vulnreport@tenable.com

ExploitThird Party Advisory

https://www.tenable.com/security/research/tra-2021-22

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.