CVE-2021-44077
- Reference to the description:
- Description:
- Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
- Last updated date:
- 08/08/2023
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 12/01/2021
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 12/02/2021
- Reference url to background
https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/08/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/09/2021
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 03/29/2022
- Reference url to background
http://packetstormsecurity.com/files/165400/ManageEngine-ServiceDesk-Plus-Remote-Code-Execution.html