Vulnerability Details CVE-2021-44675
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution
Products affected by CVE-2021-44675
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:-
-
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5