CVE-2021-20081

Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges.
References
Link Resource
https://www.tenable.com/security/research/tra-2021-22 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:-:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11201:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11202:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11203:*:*:*:*:*:*
cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:build11204:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-06-10 12:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-20081

Mitre link : CVE-2021-20081

CVE.ORG link : CVE-2021-20081


JSON object : View

Products Affected

zohocorp

  • manageengine_servicedesk_plus

microsoft

  • windows