CVE-2021-31160

by Excellium SA

Abstract Advisory Information

Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker to access internal data.

Author: Dominique Righetto

Version affected

Name: ServiceDesk Plus MSP
Version: 10.5 Build 10517 – Edition MSPEnterprise.

Common Vulnerability Scoring System

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Patches

Version 10521 (10.5.2.1), link in the references

References

Vulnerability Disclosure Timeline

  • 21/03/2021: Vulnerability discovery
  • 22/03/2021: Vulnerability Report to CERT-XLM
  • 22/03/2021: Vulnerability Report to Zoho on Bug Bounty Platform
  • 22/03/2021: Zoho acknowledgment
  • 15/04/2021: Zoho registered CVE IDs with MITRE
  • 19/07/2021: Vulnerability disclosure