Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
References
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-306 |
Information
Published : 2021-11-29 04:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-44077
Mitre link : CVE-2021-44077
CVE.ORG link : CVE-2021-44077
JSON object : View
Products Affected
zohocorp
- manageengine_servicedesk_plus_msp
- manageengine_supportcenter_plus
- manageengine_servicedesk_plus
CWE
CWE-306
Missing Authentication for Critical Function