Vulnerability-Lookup

CVE-2021-44077 (GCVE-0-2021-44077)

Vulnerability from cvelistv5 – Published: 2021-11-29 03:17 – Updated: 2025-10-21 23:25

CISA KEVIntel

Summary

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

n/a
CWE-306 - Missing Authentication for Critical Function

Assigner

mitre

References

6 references

URL	Tags
https://pitstop.manageengine.com/portal/en/commun…	x_refsource_MISC
https://pitstop.manageengine.com/portal/en/commun…	x_refsource_MISC
https://pitstop.manageengine.com/portal/en/commun…	x_refsource_MISC
https://pitstop.manageengine.com/portal/en/commun…	x_refsource_MISC
http://packetstormsecurity.com/files/165400/Manag…	x_refsource_MISC
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 128c1dc8-afab-477f-8f03-8071562fe288

Vulnerability ID: CVE-2021-44077

Status: Confirmed

Status Updated: 2021-12-01 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-12-01

Asserted: 2021-12-01

Scope

Notes: KEV entry: Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability | Affected: Zoho / ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus | Description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution | Required action: Apply updates per vendor instructions. | Due date: 2021-12-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-44077

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-306
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus
Due Date	2021-12-15
Date Added	2021-12-01
Vendorproject	Zoho
Vulnerabilityname	Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2021-44077

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 138cf9f6-c6e8-4757-b5e1-7836bfcc0931

Vulnerability ID: CVE-2021-44077

Status: Confirmed

Status Updated: 2021-12-01 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-12-01

Asserted: 2021-12-01

Scope

Notes: KEVIntel entry: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to... | Affected: Zoho / ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel

Details

Feed	KEVIntel (kevintel.com)
Title	Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to...
Vendor	Zoho
Product	ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus
Added Date	2021-12-01T00:00:00.000Z
Cvss Score	9.8
Epss Score	None
Cvss Severity	CRITICAL
Epss Percentile	None
Used In Malware	unknown
Ahead Of Cisa Kev	None
Not Yet In Cisa Kev	False

References

Created: 2026-06-23 14:04 UTC | Updated: 2026-06-23 14:04 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.351Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-44077",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:30:45.713677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-12-01",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:24.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-12-01T00:00:00.000Z",
            "value": "CVE-2021-44077 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-28T18:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021",
              "refsource": "MISC",
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above",
              "refsource": "MISC",
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529",
              "refsource": "MISC",
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013",
              "refsource": "MISC",
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
            },
            {
              "name": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-44077",
    "datePublished": "2021-11-29T03:17:45.000Z",
    "dateReserved": "2021-11-20T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:24.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-44077",
      "cwes": "[\"CWE-306\"]",
      "dateAdded": "2021-12-01",
      "dueDate": "2021-12-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-44077",
      "product": "ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution",
      "vendorProject": "Zoho",
      "vulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability"
    },
    "epss": {
      "cve": "CVE-2021-44077",
      "date": "2026-06-23",
      "epss": "0.93514",
      "percentile": "0.99826"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-12-15",
      "cisaExploitAdd": "2021-12-01",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*\", \"matchCriteriaId\": \"106A06E5-56E8-41D3-A059-7DA6737DABAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*\", \"matchCriteriaId\": \"401AEAD2-183D-4E55-94AD-D24A9BE46D61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD69D55A-3975-4F1E-8D6F-E0074F83CCBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*\", \"matchCriteriaId\": \"417D6E6A-C16A-4A76-8D65-31340834233E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A040A5B-8C2A-4557-AB5E-1427B0F1E889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*\", \"matchCriteriaId\": \"207A81A8-02EF-4793-B047-46581BF7E60B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*\", \"matchCriteriaId\": \"194BEECD-F877-4D28-A534-E965D69C9EB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EA1D3D0-696F-4FFE-9CDE-B69071FA574E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D130762-4B49-4089-99A1-FEFD6B76AB8F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDC33E6B-81E2-4A15-8889-2CD709CF5E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*\", \"matchCriteriaId\": \"E08A077E-B1AA-432A-B37A-AA603C8CD1FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*\", \"matchCriteriaId\": \"69B73464-8627-4CCE-93CE-B312A9D7B35C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*\", \"matchCriteriaId\": \"51839FBE-A7E1-40FD-B44B-F9C8CA62E063\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BE9BFCC-04AB-4053-949C-B2860E7E43B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2062399-67EA-4368-9629-60E4A59DDB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEE7D305-0FA5-4126-A585-4FC1162AFA29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*\", \"matchCriteriaId\": \"05376518-DE14-45F7-9B60-F4B4CF7BD7A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FB2885F-308D-4AAC-9CD3-53150CC81C1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*\", \"matchCriteriaId\": \"188135EF-9821-4325-A34F-AB6F430F5DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC971E05-D69B-4688-861D-3D6357726CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF31050A-1CB8-48E0-BFFA-4BC89538FEBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*\", \"matchCriteriaId\": \"360C0396-E928-4FCB-BAD3-6246A3BCEE37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*\", \"matchCriteriaId\": \"3287B495-E4CB-4B2F-9ED5-E077AB0CDC11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.5\", \"matchCriteriaId\": \"702877AB-4E70-4E11-BBBF-F3B9670C39FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*\", \"matchCriteriaId\": \"860EBABC-B252-4C73-97C6-57A67ED94492\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*\", \"matchCriteriaId\": \"71E4F529-B091-4565-B024-185174483A70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*\", \"matchCriteriaId\": \"FADCF801-93E0-430B-BD14-092ACE960D05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*\", \"matchCriteriaId\": \"97CD568D-AF18-42E7-8357-9AE2B279BEE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EB715EE-313B-4D62-A345-C4F7EB7C3DED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*\", \"matchCriteriaId\": \"B965016B-7584-4661-A8F3-C8EA3DB1E94C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCF7199B-A66E-425B-9614-D8256C4C828D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*\", \"matchCriteriaId\": \"81F583C7-CB76-430A-A7AC-F3E727E0A26D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*\", \"matchCriteriaId\": \"F33A3E84-F73B-4797-8A97-3F10F77BD631\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*\", \"matchCriteriaId\": \"724284CA-51FE-46E8-B90E-99C53615901B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*\", \"matchCriteriaId\": \"8342A66C-4C0B-4FAE-987A-276CE126724B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*\", \"matchCriteriaId\": \"39C638A3-C8A1-4C2A-9B8F-39339F5674CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BB0CD9F-5459-44A7-9AD1-A70D3208369B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*\", \"matchCriteriaId\": \"7399A6B2-B0F2-4898-AC04-E50B508EA495\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*\", \"matchCriteriaId\": \"7793C1AC-38FA-4B31-BB78-004A519DD4A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C30D050-4BDC-46E6-819E-49898AD56BFA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB7D8E3B-30C3-44C5-90B7-561F4E09830E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*\", \"matchCriteriaId\": \"33960952-4461-4502-A2B5-364E22C96824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*\", \"matchCriteriaId\": \"0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD1A9B14-02F0-4674-9032-73778271CACB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F64234B-85F7-45FE-9308-5C45F95EC4AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*\", \"matchCriteriaId\": \"1758E31C-9AD6-480F-B425-EA7776CDA1F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*\", \"matchCriteriaId\": \"9506206D-1914-4FDD-AD81-5DACC07B6990\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*\", \"matchCriteriaId\": \"79283836-E9D6-4C54-9E3D-40FB586B9071\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AA91D46-40E8-4019-B993-80CFAC548F79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EDCDA56-54A1-4D94-96FD-AD1064E15767\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3E96BB-0EF9-4DAC-84EB-7496F7293D71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.0\", \"matchCriteriaId\": \"BBD6428C-9132-46B0-849B-DDDFA23B1C2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*\", \"matchCriteriaId\": \"D788203D-B169-4C98-B090-B070630750DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*\", \"matchCriteriaId\": \"846EA6AB-9588-4D9F-AEBD-83B018BE7362\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*\", \"matchCriteriaId\": \"BDD540F2-C964-40DE-91AB-DE726AAA82A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*\", \"matchCriteriaId\": \"685783DB-DD06-4D9C-9E83-63449D5B60D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*\", \"matchCriteriaId\": \"C371F2CD-A1F8-4EC7-8096-D61DEA337D44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*\", \"matchCriteriaId\": \"B980A72F-53E2-4FC1-AA25-743AE8650641\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*\", \"matchCriteriaId\": \"68289AE6-F348-401A-BE49-08889492B23B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0667DC3-8315-4F2B-BAB7-D1F1CA476D68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C768E0-FF5B-413D-87B2-9D09F28F95DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*\", \"matchCriteriaId\": \"5570C5A9-A79B-48CF-B95D-3513F7B9BAF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77031F5-E097-4549-BF5E-1D0718AB52B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A9C0879-8AE5-4E6E-998C-E79FC418C68A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F1F21D7-08E8-4637-903B-4277399C0BD7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.\"}, {\"lang\": \"es\", \"value\": \"Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecuci\\u00f3n de c\\u00f3digo remota no autenticada. Esto est\\u00e1 relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuraci\\u00f3n de Struts\"}]",
      "id": "CVE-2021-44077",
      "lastModified": "2024-11-21T06:30:19.610",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-11-29T04:15:06.737",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-306\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-44077\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-11-29T04:15:06.737\",\"lastModified\":\"2026-06-17T04:11:52.397\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.\"},{\"lang\":\"es\",\"value\":\"Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecuci\u00f3n de c\u00f3digo remota no autenticada. Esto est\u00e1 relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuraci\u00f3n de Struts\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-02-04T19:30:45.713677Z\",\"id\":\"CVE-2021-44077\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2021-12-01\",\"cisaActionDue\":\"2021-12-15\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"816A3CCE-7BD4-4D3D-984B-6BCFE3E3769E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*\",\"matchCriteriaId\":\"106A06E5-56E8-41D3-A059-7DA6737DABAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*\",\"matchCriteriaId\":\"401AEAD2-183D-4E55-94AD-D24A9BE46D61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD69D55A-3975-4F1E-8D6F-E0074F83CCBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*\",\"matchCriteriaId\":\"417D6E6A-C16A-4A76-8D65-31340834233E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A040A5B-8C2A-4557-AB5E-1427B0F1E889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*\",\"matchCriteriaId\":\"207A81A8-02EF-4793-B047-46581BF7E60B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*\",\"matchCriteriaId\":\"194BEECD-F877-4D28-A534-E965D69C9EB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EA1D3D0-696F-4FFE-9CDE-B69071FA574E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D130762-4B49-4089-99A1-FEFD6B76AB8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDC33E6B-81E2-4A15-8889-2CD709CF5E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08A077E-B1AA-432A-B37A-AA603C8CD1FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*\",\"matchCriteriaId\":\"69B73464-8627-4CCE-93CE-B312A9D7B35C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*\",\"matchCriteriaId\":\"51839FBE-A7E1-40FD-B44B-F9C8CA62E063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BE9BFCC-04AB-4053-949C-B2860E7E43B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2062399-67EA-4368-9629-60E4A59DDB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEE7D305-0FA5-4126-A585-4FC1162AFA29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*\",\"matchCriteriaId\":\"05376518-DE14-45F7-9B60-F4B4CF7BD7A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FB2885F-308D-4AAC-9CD3-53150CC81C1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*\",\"matchCriteriaId\":\"188135EF-9821-4325-A34F-AB6F430F5DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC971E05-D69B-4688-861D-3D6357726CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF31050A-1CB8-48E0-BFFA-4BC89538FEBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*\",\"matchCriteriaId\":\"360C0396-E928-4FCB-BAD3-6246A3BCEE37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*\",\"matchCriteriaId\":\"3287B495-E4CB-4B2F-9ED5-E077AB0CDC11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.5\",\"matchCriteriaId\":\"D82A926C-EDD8-4540-B6D0-695A16686511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*\",\"matchCriteriaId\":\"860EBABC-B252-4C73-97C6-57A67ED94492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*\",\"matchCriteriaId\":\"71E4F529-B091-4565-B024-185174483A70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADCF801-93E0-430B-BD14-092ACE960D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*\",\"matchCriteriaId\":\"97CD568D-AF18-42E7-8357-9AE2B279BEE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EB715EE-313B-4D62-A345-C4F7EB7C3DED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*\",\"matchCriteriaId\":\"B965016B-7584-4661-A8F3-C8EA3DB1E94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCF7199B-A66E-425B-9614-D8256C4C828D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F583C7-CB76-430A-A7AC-F3E727E0A26D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*\",\"matchCriteriaId\":\"F33A3E84-F73B-4797-8A97-3F10F77BD631\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*\",\"matchCriteriaId\":\"724284CA-51FE-46E8-B90E-99C53615901B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*\",\"matchCriteriaId\":\"8342A66C-4C0B-4FAE-987A-276CE126724B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*\",\"matchCriteriaId\":\"39C638A3-C8A1-4C2A-9B8F-39339F5674CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BB0CD9F-5459-44A7-9AD1-A70D3208369B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*\",\"matchCriteriaId\":\"7399A6B2-B0F2-4898-AC04-E50B508EA495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*\",\"matchCriteriaId\":\"7793C1AC-38FA-4B31-BB78-004A519DD4A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C30D050-4BDC-46E6-819E-49898AD56BFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7D8E3B-30C3-44C5-90B7-561F4E09830E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*\",\"matchCriteriaId\":\"33960952-4461-4502-A2B5-364E22C96824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*\",\"matchCriteriaId\":\"0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD1A9B14-02F0-4674-9032-73778271CACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F64234B-85F7-45FE-9308-5C45F95EC4AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*\",\"matchCriteriaId\":\"1758E31C-9AD6-480F-B425-EA7776CDA1F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*\",\"matchCriteriaId\":\"9506206D-1914-4FDD-AD81-5DACC07B6990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*\",\"matchCriteriaId\":\"79283836-E9D6-4C54-9E3D-40FB586B9071\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA91D46-40E8-4019-B993-80CFAC548F79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EDCDA56-54A1-4D94-96FD-AD1064E15767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3E96BB-0EF9-4DAC-84EB-7496F7293D71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0\",\"matchCriteriaId\":\"791D8E77-1A6B-4739-A6E6-BF91E978144E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*\",\"matchCriteriaId\":\"D788203D-B169-4C98-B090-B070630750DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*\",\"matchCriteriaId\":\"846EA6AB-9588-4D9F-AEBD-83B018BE7362\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDD540F2-C964-40DE-91AB-DE726AAA82A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*\",\"matchCriteriaId\":\"685783DB-DD06-4D9C-9E83-63449D5B60D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*\",\"matchCriteriaId\":\"C371F2CD-A1F8-4EC7-8096-D61DEA337D44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*\",\"matchCriteriaId\":\"B980A72F-53E2-4FC1-AA25-743AE8650641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*\",\"matchCriteriaId\":\"68289AE6-F348-401A-BE49-08889492B23B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0667DC3-8315-4F2B-BAB7-D1F1CA476D68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C768E0-FF5B-413D-87B2-9D09F28F95DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*\",\"matchCriteriaId\":\"5570C5A9-A79B-48CF-B95D-3513F7B9BAF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77031F5-E097-4549-BF5E-1D0718AB52B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A9C0879-8AE5-4E6E-998C-E79FC418C68A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1F21D7-08E8-4637-903B-4277399C0BD7\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T04:10:17.351Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-44077\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:30:45.713677Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-12-01\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-12-01T00:00:00.000Z\", \"value\": \"CVE-2021-44077 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:30:22.400Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-12-28T18:06:08.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"name\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\", \"refsource\": \"MISC\"}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"name\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\", \"refsource\": \"MISC\"}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"name\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\", \"refsource\": \"MISC\"}, {\"url\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"name\": \"https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\", \"refsource\": \"MISC\"}, {\"url\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"name\": \"http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-44077\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-44077\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:24.156Z\", \"dateReserved\": \"2021-11-20T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2021-11-29T03:17:45.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2022-00677

Vulnerability from fstec - Published: 28.11.2021

Title

Уязвимость конфигурации программных средств для службы технической поддержки Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP и Zoho ManageEngine SupportCenter Plus, связанная с отсутствием процедуры аутентификации, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость конфигурации программных средств для службы технической поддержки Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP и Zoho ManageEngine SupportCenter Plus связана с отсутствием процедуры аутентификации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ZOHO Corp.

Software Name

ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus

Software Version

до 11306 (ManageEngine ServiceDesk Plus), до 10530 (ManageEngine ServiceDesk Plus MSP), до 11014 (ManageEngine SupportCenter Plus)

Possible Mitigations

Использование рекомендаций: https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021 https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529 https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013

Reference

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021 https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529 https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013 http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html https://github.com/horizon3ai/CVE-2021-44077 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-287

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "ZOHO Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 11306 (ManageEngine ServiceDesk Plus), \u0434\u043e 10530 (ManageEngine ServiceDesk Plus MSP), \u0434\u043e 11014 (ManageEngine SupportCenter Plus)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.02.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00677",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-44077",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ManageEngine ServiceDesk Plus, ManageEngine ServiceDesk Plus MSP, ManageEngine SupportCenter Plus",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0434\u043b\u044f \u0441\u043b\u0443\u0436\u0431\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP \u0438 Zoho ManageEngine SupportCenter Plus, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f (CWE-287)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0434\u043b\u044f \u0441\u043b\u0443\u0436\u0431\u044b \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP \u0438 Zoho ManageEngine SupportCenter Plus \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013\nhttp://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html\nhttps://github.com/horizon3ai/CVE-2021-44077\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-287",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2021-94846

Vulnerability from cnvd - Published: 2021-12-07

Title

ZOHO ManageEngine ServiceDesk Plus远程代码执行漏洞

Description

ZOHO ManageEngine ServiceDesk Plus（SDP）是美国卓豪（ZOHO）公司的一套基于ITIL架构的IT服务管理软件。该软件集成了事件管理、问题管理、资产管理IT项目管理、采购与合同管理等功能模块。 ZOHO ManageEngine ServiceDesk Plus存在远程代码执行漏洞，未经身份验证的攻击者可利用该漏洞远程执行代码。

Severity

中

Patch Name

ZOHO ManageEngine ServiceDesk Plus远程代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021。

Reference

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021

Impacted products

Name
['ZOHO ManageEngine ServiceDesk Plus <11306', 'Zoho ManageEngine ServiceDesk Plus MSP <10530', 'ZOHO ManageEngine SupportCenter Plus <11014']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-44077",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-44077"
    }
  },
  "description": "ZOHO ManageEngine ServiceDesk Plus\uff08SDP\uff09\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eITIL\u67b6\u6784\u7684IT\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u96c6\u6210\u4e86\u4e8b\u4ef6\u7ba1\u7406\u3001\u95ee\u9898\u7ba1\u7406\u3001\u8d44\u4ea7\u7ba1\u7406IT\u9879\u76ee\u7ba1\u7406\u3001\u91c7\u8d2d\u4e0e\u5408\u540c\u7ba1\u7406\u7b49\u529f\u80fd\u6a21\u5757\u3002\n\nZOHO ManageEngine ServiceDesk Plus\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021\u3002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-94846",
  "openTime": "2021-12-07",
  "patchDescription": "ZOHO ManageEngine ServiceDesk Plus\uff08SDP\uff09\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eITIL\u67b6\u6784\u7684IT\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u96c6\u6210\u4e86\u4e8b\u4ef6\u7ba1\u7406\u3001\u95ee\u9898\u7ba1\u7406\u3001\u8d44\u4ea7\u7ba1\u7406IT\u9879\u76ee\u7ba1\u7406\u3001\u91c7\u8d2d\u4e0e\u5408\u540c\u7ba1\u7406\u7b49\u529f\u80fd\u6a21\u5757\u3002\r\n\r\nZOHO ManageEngine ServiceDesk Plus\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZOHO ManageEngine ServiceDesk Plus\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ZOHO ManageEngine ServiceDesk Plus \u003c11306",
      "Zoho ManageEngine ServiceDesk Plus MSP \u003c10530",
      "ZOHO ManageEngine SupportCenter Plus \u003c11014"
    ]
  },
  "referenceLink": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021",
  "serverity": "\u4e2d",
  "submitTime": "2021-11-30",
  "title": "ZOHO ManageEngine ServiceDesk Plus\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2021-44077

Vulnerability from fkie_nvd - Published: 2021-11-29 04:15 - Updated: 2026-06-17 04:11

CISA KEVIntel

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above	Patch, Vendor Advisory
cve@mitre.org	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529	Vendor Advisory
cve@mitre.org	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021	Vendor Advisory
cve@mitre.org	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013	Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077	US Government Resource

Impacted products

Vendor	Product	Version
zohocorp	manageengine_servicedesk_plus	*
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.1
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.2
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus	11.3
zohocorp	manageengine_servicedesk_plus_msp	*
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_servicedesk_plus_msp	10.5
zohocorp	manageengine_supportcenter_plus	*
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0
zohocorp	manageengine_supportcenter_plus	11.0

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "cisaActionDue": "2021-12-15",
  "cisaExploitAdd": "2021-12-01",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "816A3CCE-7BD4-4D3D-984B-6BCFE3E3769E",
              "versionEndExcluding": "11.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
              "matchCriteriaId": "106A06E5-56E8-41D3-A059-7DA6737DABAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
              "matchCriteriaId": "401AEAD2-183D-4E55-94AD-D24A9BE46D61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
              "matchCriteriaId": "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
              "matchCriteriaId": "417D6E6A-C16A-4A76-8D65-31340834233E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
              "matchCriteriaId": "1A040A5B-8C2A-4557-AB5E-1427B0F1E889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
              "matchCriteriaId": "207A81A8-02EF-4793-B047-46581BF7E60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
              "matchCriteriaId": "194BEECD-F877-4D28-A534-E965D69C9EB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*",
              "matchCriteriaId": "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
              "matchCriteriaId": "7D130762-4B49-4089-99A1-FEFD6B76AB8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
              "matchCriteriaId": "CDC33E6B-81E2-4A15-8889-2CD709CF5E45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
              "matchCriteriaId": "E08A077E-B1AA-432A-B37A-AA603C8CD1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
              "matchCriteriaId": "69B73464-8627-4CCE-93CE-B312A9D7B35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
              "matchCriteriaId": "51839FBE-A7E1-40FD-B44B-F9C8CA62E063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
              "matchCriteriaId": "7BE9BFCC-04AB-4053-949C-B2860E7E43B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
              "matchCriteriaId": "A2062399-67EA-4368-9629-60E4A59DDB29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
              "matchCriteriaId": "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*",
              "matchCriteriaId": "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*",
              "matchCriteriaId": "DEE7D305-0FA5-4126-A585-4FC1162AFA29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*",
              "matchCriteriaId": "05376518-DE14-45F7-9B60-F4B4CF7BD7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*",
              "matchCriteriaId": "7FB2885F-308D-4AAC-9CD3-53150CC81C1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
              "matchCriteriaId": "188135EF-9821-4325-A34F-AB6F430F5DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
              "matchCriteriaId": "DC971E05-D69B-4688-861D-3D6357726CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*",
              "matchCriteriaId": "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*",
              "matchCriteriaId": "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*",
              "matchCriteriaId": "360C0396-E928-4FCB-BAD3-6246A3BCEE37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*",
              "matchCriteriaId": "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D82A926C-EDD8-4540-B6D0-695A16686511",
              "versionEndExcluding": "10.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*",
              "matchCriteriaId": "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*",
              "matchCriteriaId": "860EBABC-B252-4C73-97C6-57A67ED94492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*",
              "matchCriteriaId": "71E4F529-B091-4565-B024-185174483A70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*",
              "matchCriteriaId": "FADCF801-93E0-430B-BD14-092ACE960D05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*",
              "matchCriteriaId": "97CD568D-AF18-42E7-8357-9AE2B279BEE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*",
              "matchCriteriaId": "9EB715EE-313B-4D62-A345-C4F7EB7C3DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*",
              "matchCriteriaId": "B965016B-7584-4661-A8F3-C8EA3DB1E94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*",
              "matchCriteriaId": "DCF7199B-A66E-425B-9614-D8256C4C828D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*",
              "matchCriteriaId": "81F583C7-CB76-430A-A7AC-F3E727E0A26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*",
              "matchCriteriaId": "F33A3E84-F73B-4797-8A97-3F10F77BD631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*",
              "matchCriteriaId": "724284CA-51FE-46E8-B90E-99C53615901B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*",
              "matchCriteriaId": "8342A66C-4C0B-4FAE-987A-276CE126724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*",
              "matchCriteriaId": "39C638A3-C8A1-4C2A-9B8F-39339F5674CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*",
              "matchCriteriaId": "7BB0CD9F-5459-44A7-9AD1-A70D3208369B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*",
              "matchCriteriaId": "7399A6B2-B0F2-4898-AC04-E50B508EA495",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*",
              "matchCriteriaId": "7793C1AC-38FA-4B31-BB78-004A519DD4A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*",
              "matchCriteriaId": "7C30D050-4BDC-46E6-819E-49898AD56BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*",
              "matchCriteriaId": "AB7D8E3B-30C3-44C5-90B7-561F4E09830E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*",
              "matchCriteriaId": "33960952-4461-4502-A2B5-364E22C96824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*",
              "matchCriteriaId": "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*",
              "matchCriteriaId": "AD1A9B14-02F0-4674-9032-73778271CACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*",
              "matchCriteriaId": "9F64234B-85F7-45FE-9308-5C45F95EC4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*",
              "matchCriteriaId": "9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*",
              "matchCriteriaId": "1758E31C-9AD6-480F-B425-EA7776CDA1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*",
              "matchCriteriaId": "9506206D-1914-4FDD-AD81-5DACC07B6990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*",
              "matchCriteriaId": "79283836-E9D6-4C54-9E3D-40FB586B9071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*",
              "matchCriteriaId": "6AA91D46-40E8-4019-B993-80CFAC548F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*",
              "matchCriteriaId": "7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*",
              "matchCriteriaId": "8EDCDA56-54A1-4D94-96FD-AD1064E15767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*",
              "matchCriteriaId": "1A3E96BB-0EF9-4DAC-84EB-7496F7293D71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "791D8E77-1A6B-4739-A6E6-BF91E978144E",
              "versionEndExcluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
              "matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
              "matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
              "matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
              "matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
              "matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
              "matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
              "matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
              "matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
              "matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
              "matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
              "matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
              "matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
              "matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
              "matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
    },
    {
      "lang": "es",
      "value": "Zoho ManageEngine ServiceDesk Plus versiones anteriores a 11306, ServiceDesk Plus MSP versiones anteriores a 10530, y SupportCenter Plus versiones anteriores a 11014, son vulnerables a una ejecuci\u00f3n de c\u00f3digo remota no autenticada. Esto est\u00e1 relacionado con las URLs /RestAPI en un servlet, y con ImportTechnicians en la configuraci\u00f3n de Struts"
    }
  ],
  "id": "CVE-2021-44077",
  "lastModified": "2026-06-17T04:11:52.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2021-44077",
          "options": [
            {
              "exploitation": "active"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2025-02-04T19:30:45.713677Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2021-11-29T04:15:06.737",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-XM89-VXJX-JVCG

Vulnerability from github – Published: 2021-11-30 00:00 – Updated: 2025-10-22 00:32

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-44077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-29T04:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.",
  "id": "GHSA-xm89-vxjx-jvcg",
  "modified": "2025-10-22T00:32:26Z",
  "published": "2021-11-30T00:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44077"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
    },
    {
      "type": "WEB",
      "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44077"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-44077

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-44077

Aliases

CVE-2021-44077

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-44077",
    "description": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.",
    "id": "GSD-2021-44077",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-44077"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-44077"
      ],
      "details": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.",
      "id": "GSD-2021-44077",
      "modified": "2023-12-13T01:23:20.337584Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-44077",
      "dateAdded": "2021-12-01",
      "dueDate": "2021-12-15",
      "product": "ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution",
      "vendorProject": "Zoho",
      "vulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-44077",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021",
            "refsource": "MISC",
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
          },
          {
            "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above",
            "refsource": "MISC",
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
          },
          {
            "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529",
            "refsource": "MISC",
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
          },
          {
            "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013",
            "refsource": "MISC",
            "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
          },
          {
            "name": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-44077"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529"
            },
            {
              "name": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013"
            },
            {
              "name": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-12T17:42Z",
      "publishedDate": "2021-11-29T04:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-44077 (GCVE-0-2021-44077)

CISA

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

KEVIntel

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Public Report Successful Exploitation Confidence: 70% Source: kevintel

Details

References

BDU:2022-00677

CNVD-2021-94846

FKIE_CVE-2021-44077

GHSA-XM89-VXJX-JVCG

GSD-2021-44077

Tags

Sightings

Nomenclature