Zohocorp: >> Manageengine Servicedesk Plus Msp Security Vulnerabilities
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.
CVSS Score
9.8
EPSS Score
0.034
Published
2021-12-20
CVE-2021-44077
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
Known exploited
CVSS Score
9.8
EPSS Score
0.942
Published
2021-11-29
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
CVSS Score
7.5
EPSS Score
0.1
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.
CVSS Score
7.5
EPSS Score
0.016
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).
CVSS Score
9.8
EPSS Score
0.075
Published
2021-06-29
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVSS Score
5.3
EPSS Score
0.237
Published
2021-06-16
Page 3