vulnerability
Zoho ManageEngine ServiceDesk Plus: Authentication bypass vulnerability in certain application URLs (CVE-2021-44077)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Sep 11, 2021 | Dec 9, 2021 | May 20, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Sep 11, 2021
Added
Dec 9, 2021
Modified
May 20, 2025
Description
TFA related URLs are misconfigured in ServiceDesk Plus. This vulnerability allows the attackers to upload malicious files into ServiceDesk Plus.
Solution
zoho-manageengine-servicedesk-plus-upgrade-latest
References
- CVE-2021-44077
- https://attackerkb.com/topics/CVE-2021-44077
- URL-http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.