CVE-2021-31531

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

Published: Jun 29, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31531
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	-	10.5
zohocorp / manageengine_servicedesk_plus_msp	10.5-10519	10.5-10519.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10515	10.5-10515.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10516	10.5-10516.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10517	10.5-10517.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10518	10.5-10518.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10507	10.5-10507.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10508	10.5-10508.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10509	10.5-10509.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10510	10.5-10510.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10511	10.5-10511.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10512	10.5-10512.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10513	10.5-10513.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10514	10.5-10514.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10500	10.5-10500.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10501	10.5-10501.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10502	10.5-10502.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10503	10.5-10503.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10504	10.5-10504.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10505	10.5-10505.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10506	10.5-10506.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10520	10.5-10520.x
zohocorp / manageengine_servicedesk_plus_msp	10.5	10.5.x

Vulnerability Database

289,784

CVE-2021-31531