CVE-2021-31530

CVE-2021-31530

by Excellium SA

Abstract Advisory Information

Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to Information Disclosure.

Author: Dominique Righetto

Version affected

Name: ServiceDesk Plus MSP
Version: 10.5 Build 10517 – Edition MSPEnterprise.

Common Vulnerability Scoring System

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Patches

Version 10522 (10.5.2.2), link in the references

References

Vulnerability Disclosure Timeline

  • 27/03/2021: Vulnerability discovery
  • 29/03/2021: Vulnerability Report to CERT-XLM
  • 06/04/2021: Vulnerability Report to Zoho on Bugbounty Plateform
  • 12/04/2021: Zoho acknowledgment
  • 22/04/2021: Zoho Regestered CVE IDs to Mitre
  • 19/07/2021: Vulnerability disclosure
Top