CVE-2021-31159

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

Published: Jun 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31159
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	10.5-10515	10.5-10515.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10516	10.5-10516.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10517	10.5-10517.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10518	10.5-10518.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10507	10.5-10507.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10508	10.5-10508.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10509	10.5-10509.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10510	10.5-10510.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10511	10.5-10511.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10512	10.5-10512.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10513	10.5-10513.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10514	10.5-10514.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10500	10.5-10500.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10501	10.5-10501.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10502	10.5-10502.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10503	10.5-10503.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10504	10.5-10504.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10505	10.5-10505.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10506	10.5-10506.x
zohocorp / manageengine_servicedesk_plus_msp	8.0	9.4.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8001	10.5-8001.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8000	10.5-8000.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9418	10.5-9418.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9419	10.5-9419.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9420	10.5-9420.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9421	10.5-9421.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9422	10.5-9422.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9423	10.5-9423.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9424	10.5-9424.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9425	10.5-9425.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9426	10.5-9426.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9427	10.5-9427.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9206	10.5-9206.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9207	10.5-9207.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9208	10.5-9208.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9209	10.5-9209.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9210	10.5-9210.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9300	10.5-9300.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9301	10.5-9301.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9302	10.5-9302.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9303	10.5-9303.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9304	10.5-9304.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9305	10.5-9305.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9306	10.5-9306.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9307	10.5-9307.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9308	10.5-9308.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9400	10.5-9400.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9401	10.5-9401.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9402	10.5-9402.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9403	10.5-9403.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9404	10.5-9404.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9405	10.5-9405.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9406	10.5-9406.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9407	10.5-9407.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9408	10.5-9408.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9409	10.5-9409.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9410	10.5-9410.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9411	10.5-9411.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9412	10.5-9412.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9413	10.5-9413.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9414	10.5-9414.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9415	10.5-9415.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9416	10.5-9416.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9417	10.5-9417.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8002	10.5-8002.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8003	10.5-8003.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8004	10.5-8004.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8100	10.5-8100.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8101	10.5-8101.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8102	10.5-8102.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8103	10.5-8103.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8104	10.5-8104.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8105	10.5-8105.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8200	10.5-8200.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8201	10.5-8201.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8202	10.5-8202.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8203	10.5-8203.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8204	10.5-8204.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8205	10.5-8205.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8206	10.5-8206.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8207	10.5-8207.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8208	10.5-8208.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8209	10.5-8209.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8210	10.5-8210.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8211	10.5-8211.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8300	10.5-8300.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8301	10.5-8301.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8302	10.5-8302.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8303	10.5-8303.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8304	10.5-8304.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8305	10.5-8305.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8306	10.5-8306.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8307	10.5-8307.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8308	10.5-8308.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8309	10.5-8309.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8310	10.5-8310.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8311	10.5-8311.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-8312	10.5-8312.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9000	10.5-9000.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9001	10.5-9001.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9002	10.5-9002.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9003	10.5-9003.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9004	10.5-9004.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9005	10.5-9005.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9006	10.5-9006.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9007	10.5-9007.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9008	10.5-9008.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9009	10.5-9009.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9201	10.5-9201.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9203	10.5-9203.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9204	10.5-9204.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-9205	10.5-9205.x

Vulnerability Database

289,697

CVE-2021-31159