Zoho ManageEngine ServiceDesk Plus: Authentication bypass vulnerability in certain application URLs (CVE-2021-44077)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 09/11/2021 | 12/09/2021 | 03/26/2025 |
Description
TFA-related URLs are misconfigured in ServiceDesk Plus. This vulnerability allows attackers to upload malicious files into ServiceDesk Plus.
Solution
zoho-manageengine-servicedesk-plus-upgrade-latest
References
- CVE-2021-44077
- https://attackerkb.com/topics/CVE-2021-44077
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-versions-up-to-11305-22-11-2021
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerability-in-servicedesk-plus-versions-11138-and-above
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-servicedesk-plus-msp-versions-10527-till-10529
- https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-for-cve-2021-44077-unauthenticated-rce-vulnerability-in-supportcenter-plus-versions-11012-and-11013
- http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html
