CVE-2021-44675

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.

Published: Dec 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-44675
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
zohocorp / manageengine_servicedesk_plus_msp	10.5-10519	10.5-10519.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10515	10.5-10515.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10516	10.5-10516.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10517	10.5-10517.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10518	10.5-10518.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10507	10.5-10507.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10508	10.5-10508.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10509	10.5-10509.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10510	10.5-10510.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10511	10.5-10511.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10512	10.5-10512.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10513	10.5-10513.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10514	10.5-10514.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10500	10.5-10500.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10501	10.5-10501.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10502	10.5-10502.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10503	10.5-10503.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10504	10.5-10504.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10505	10.5-10505.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10506	10.5-10506.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10520	10.5-10520.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10521	10.5-10521.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10530	10.5-10530.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10525	10.5-10525.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10526	10.5-10526.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10527	10.5-10527.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10528	10.5-10528.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10529	10.5-10529.x
zohocorp / manageengine_servicedesk_plus_msp	-	10.5.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10522	10.5-10522.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10523	10.5-10523.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10524	10.5-10524.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10531	10.5-10531.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10532	10.5-10532.x
zohocorp / manageengine_servicedesk_plus_msp	10.5-10533	10.5-10533.x

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution

Vulnerability Database

289,784

CVE-2021-44675