Abstract Advisory Information


Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.

Author: Dominique Righetto

Version affected


Name: ServiceDesk Plus MSP

Version: 10.5 Build 10517 – Edition MSPEnterprise.

Common Vulnerability Scoring System


7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Patches


Version 10522 (10.5.2.2), link in the references

References


Vulnerability Disclosure Timeline


  • 27/03/2021: Vulnerability discovery
  • 29/03/2021: Vulnerability Report to CERT-XLM
  • 06/04/2021: Vulnerability Report to Zoho on Bug Bounty Platform
  • 12/04/2021: Zoho acknowledgment
  • 22/04/2021: Zoho registered CVE IDs with MITRE
  • 19/07/2021: Vulnerability disclosure