← Back

CVE-2021-43296

nvd nist
Published: Nov 30, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.

Affected (16)

Zohocorp
1 product
Manageengine Supportcenter Plus
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Zohocorp
Manageengine Supportcenter Plus
Version 11.0
Manageengine Supportcenter Plus
Version 11.0 11001
Manageengine Supportcenter Plus
Version 11.0 11002
Manageengine Supportcenter Plus
Version 11.0 11003
Manageengine Supportcenter Plus
Version 11.0 11004
Manageengine Supportcenter Plus
Version 11.0 11005
Manageengine Supportcenter Plus
Version 11.0 11006
Manageengine Supportcenter Plus
Version 11.0 11007
Manageengine Supportcenter Plus
Version 11.0 11008
Manageengine Supportcenter Plus
Version 11.0 11009
Manageengine Supportcenter Plus
Version 11.0 11010
Manageengine Supportcenter Plus
Version 11.0 11011
Manageengine Supportcenter Plus
Version 11.0 11012
Manageengine Supportcenter Plus
Version 11.0 11013
Manageengine Supportcenter Plus
Version 11.0 11014
Manageengine Supportcenter Plus
Version 11.0 11015

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
Product

Timeline

No history available yet.