Abstract Advisory Information
Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.
Author: Dominique Righetto
Version affected
Name: ServiceDesk Plus MSP
Version: 10.5 Build 10517 – Edition MSPEnterprise.Common Vulnerability Scoring System
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Patches
Version 10521 (10.5.2.1), link in the references
References
- https://www.manageengine.com/products/service-desk-msp/
- https://www.manageengine.com/products/service-desk-msp/readme.html#10521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-31160
Vulnerability Disclosure Timeline
- 21/03/2021: Vulnerability discovery
- 22/03/2021: Vulnerability Report to CERT-XLM
- 22/03/2021: Vulnerability Report to Zoho on Bugbounty Plateform
- 22/03/2021: Zoho acknowledgment
- 15/04/2021: Zoho Regestered CVE IDs to Mitre
- 19/07/2021: Vulnerability disclosure