SSRF Vulnerability in Zoho ManageEngine SupportCenter Plus
CVE-2021-43296

7.5HIGH

Key Information:

Vendor: Zohocorp
Status: Manageengine Supportcenter Plus
Vendor: CVE Published:; 30 November 2021

What is CVE-2021-43296?

Zoho ManageEngine SupportCenter Plus prior to version 11016 is affected by a Server-Side Request Forgery (SSRF) vulnerability in the ActionExecutor module. This flaw allows attackers to send malicious requests to internal services and possibly interact with the application's backend systems. It is critical for organizations using this software to apply the latest updates to mitigate potential risks.

References

https://manageengine.com

x_refsource_MISC

https://www.manageengine.com/products/support-center/read...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 30, 2021
Vulnerability Reserved
Nov 3, 2021

Zohocorp

What is CVE-2021-43296?

References

EPSS Score

CVSS V3.1

Timeline