CVE-2021-44675

Published: Dec 20, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.

Affected (35)

Products: Zohocorp: Manageengine Servicedesk Plus Msp

Zohocorp

1 product

Manageengine Servicedesk Plus Msp

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Zohocorp Manageengine Servicedesk Plus Msp	Up to 10.5
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10500
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10501
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10502
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10503
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10504
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10505
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10506
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10507
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10508
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10509
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10510
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10511
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10512
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10513
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10514
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10515
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10516
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10517
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10518
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10519
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10520
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10521
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10522
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10523
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10524
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10525
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10526
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10527
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10528
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10529
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10530
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10531
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10532
Zohocorp Manageengine Servicedesk Plus Msp	Version 10.5 10533

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution

Source: cve@mitre.org

Vendor Advisory

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.