Information Disclosure Vulnerability in Zoho ManageEngine ServiceDesk Plus MSP
CVE-2021-31530

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Servicedesk Plus Msp
Vendor: CVE Published:; 29 June 2021

What is CVE-2021-31530?

Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10522 are susceptible to an information disclosure vulnerability. This flaw allows unauthorized access to sensitive data, potentially exposing critical information to malicious actors. Organizations using affected versions are strongly urged to upgrade to the latest release to mitigate the risks associated with this vulnerability.

References

https://www.manageengine.com/products/service-desk-msp/re...

https://excellium-services.com/cve-2021-31530/

https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31530

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Apr 21, 2021

Zohocorp

What is CVE-2021-31530?

References

CVSS V3.1

Timeline