← Voltar para CVEs

CVE-2021-44077

CRITICALCISA KEV

9.8

Descricao

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado11/29/2021

Ultima modificacao10/31/2025

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorZoho

ProdutoManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

Nome da vulnerabilidadeZoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability

Data inclusao KEV2021-12-01

Prazo de remediacao2021-12-15

Uso em ransomwareUnknown

Produtos afetados

zohocorp:manageengine_servicedesk_pluszohocorp:manageengine_servicedesk_plus_mspzohocorp:manageengine_supportcenter_plus

Fraquezas (CWE)

CWE-306CWE-306

Referencias

http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021(cve@mitre.org)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013(cve@mitre.org)

http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above(af854a3a-2127-422b-91ae-364da2661108)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529(af854a3a-2127-422b-91ae-364da2661108)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021(af854a3a-2127-422b-91ae-364da2661108)

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.