CVE-2021-20081

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-22 Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2021-22 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:45

Type Values Removed Values Added
References () https://www.tenable.com/security/research/tra-2021-22 - Exploit, Third Party Advisory () https://www.tenable.com/security/research/tra-2021-22 - Exploit, Third Party Advisory

Information

Published : 2021-06-10 12:15

Updated : 2024-11-21 05:45


NVD link : CVE-2021-20081

Mitre link : CVE-2021-20081

CVE.ORG link : CVE-2021-20081


JSON object : View

Products Affected

microsoft

  • windows

zohocorp

  • manageengine_servicedesk_plus