Data Exposure Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP
CVE-2021-31160

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Servicedesk Plus; Manageengine Servicedesk Plus Msp
Vendor: CVE Published:; 29 June 2021

What is CVE-2021-31160?

Zoho ManageEngine ServiceDesk Plus MSP prior to version 10521 contains a vulnerability that allows unauthorized access to internal data, posing risks for sensitive information exposure. Organizations using affected versions should consider applying the necessary updates promptly to mitigate potential threats and protect their data integrity.

References

https://www.manageengine.com/products/service-desk-msp/re...

https://excellium-services.com/cert-xlm-advisory/cve-2021...

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31160

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Apr 14, 2021

Zohocorp

What is CVE-2021-31160?

References

EPSS Score

CVSS V3.1

Timeline