vulnerability

Zoho ManageEngine ServiceDesk Plus: CVE-2021-44077: Authentication bypass vulnerability in certain application URLs

Try Surface Command
Back to search
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 11, 2021
Added
Dec 9, 2021
Modified
Mar 27, 2026

Description

TFA related URLs are misconfigured in ServiceDesk Plus. This vulnerability allows the attackers to upload malicious files into ServiceDesk Plus.

Solution

zoho-manageengine-servicedesk-plus-upgrade-latest

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today