vulnerability

Zoho ManageEngine ServiceDesk Plus MSP: Authentication bypass and arbitrary code execution. (CVE-2021-44675)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	2021-12-05	2025-01-14	2025-01-14

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

2021-12-05

Added

2025-01-14

Modified

2025-01-14

Description

One of the tomcat filter is not configured properly in ServiceDesk Plus MSP. This vulnerability allows the attackers to invoke any URLs without authentication.

Solution

zoho-manageengine-servicedesk-plus-msp-upgrade-latest

References

CVE-2021-44675
https://attackerkb.com/topics/CVE-2021-44675
URL-https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today