Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZohocorp Manageengine Servicedesk Plus
APPZohocorp11.111.211.3< 11.1Zohocorp Manageengine Servicedesk Plus Msp
APPZohocorp10.5< 10.5Zohocorp Manageengine Supportcenter Plus
APPZohocorp11.0< 11.0
CISA KEV — szczegółyi
- Dostawcai
- Zoho ↗
- Produkti
- ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus
- Data dodania do KEVi
- 1 grudnia 2021
- Termin remediation (USA)i
- 15 grudnia 2021(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami dostawcy.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Zoho ManageEngine ServiceDesk Plus przed wersją 11306, ServiceDesk Plus MSP przed wersją 10530 i SupportCenter Plus przed wersją 11014 są podatne na niezauwierzytelniony zdalny wykonywany kod
▸ Pokaż oryginał (EN)
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution
Powiązane podatności
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code exec...
Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-...
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedule...
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication byp...
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass....