Data Exposure Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP
CVE-2021-31160

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Servicedesk Plus; Manageengine Servicedesk Plus Msp
Vendor: CVE Published:; 29 June 2021

What is CVE-2021-31160?

Zoho ManageEngine ServiceDesk Plus MSP prior to version 10521 contains a vulnerability that allows unauthorized access to internal data, posing risks for sensitive information exposure. Organizations using affected versions should consider applying the necessary updates promptly to mitigate potential threats and protect their data integrity.

References

https://www.manageengine.com/products/service-desk-msp/re...

https://excellium-services.com/cert-xlm-advisory/cve-2021...

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31160

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Apr 14, 2021

CVE-2021-31160 Data

JSON

Zohocorp

What is CVE-2021-31160?

References

CVSS V3.1

Timeline