Vulnerability Details CVE-2021-31159
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.237
EPSS Ranking 95.7%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html
- https://github.com/ricardojoserf/CVE-2021-31159
- https://www.manageengine.com
- https://www.manageengine.com/products/service-desk-msp/readme.html#10519
- http://packetstormsecurity.com/files/163192/Zoho-ManageEngine-ServiceDesk-Plus-9.4-User-Enumeration.html
- https://github.com/ricardojoserf/CVE-2021-31159
- https://www.manageengine.com
- https://www.manageengine.com/products/service-desk-msp/readme.html#10519
Products affected by CVE-2021-31159
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5