vulnerability
Zoho ManageEngine ServiceDesk Plus MSP: CVE-2021-44077: Authentication bypass vulnerability in certain application URLs
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Sep 11, 2021 | Dec 9, 2021 | Jul 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Sep 11, 2021
Added
Dec 9, 2021
Modified
Jul 3, 2025
Description
TFA related URLs are misconfigured in ServiceDesk Plus. This vulnerability allows the attackers to upload malicious files into ServiceDesk Plus.
Solution
zoho-manageengine-servicedesk-plus-msp-upgrade-latest
References
- CWE-306
- CVE-2021-44077
- https://attackerkb.com/topics/CVE-2021-44077
- URL-http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021
- URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.