CVE-2021-31531

by mathildeexlm

Abstract Advisory Information

Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to Server-Side Request Forgery (SSRF).

Author: Dominique Righetto

Version affected

Name: ServiceDesk Plus MSP
Version: 10.5 Build 10517 – Edition MSPEnterprise.

Common Vulnerability Scoring System

5.3

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Patches

Version 10522 (10.5.2.1), link in the references

References

 

Vulnerability Disclosure Timeline

  • 27/03/2021: Vulnerability discovery
  • 29/03/2021: Vulnerability Report to CERT-XLM
  • 06/04/2021: Vulnerability Report to Zoho on Bugbounty Platform
  • 12/04/2021: Zoho acknowledgment
  • 22/04/2021: Zoho registered CVE IDs with MITRE
  • 19/07/2021: Vulnerability disclosure