CWE-209

CVE-2021-31159

First published: Wed Jun 16 2021

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
Zoho ManageEngine ServiceDesk Plus MSP | >=8.0 <=9.4 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10500 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10501 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10502 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10503 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10504 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10505 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10506 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10507 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10508 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10509 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10510 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10511 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10512 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10513 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10514 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10515 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10516 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10517 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-10518 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8000 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8001 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8002 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8003 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8004 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8100 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8101 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8102 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8103 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8104 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8105 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8200 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8201 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8202 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8203 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8204 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8205 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8206 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8207 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8208 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8209 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8210 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8211 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8300 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8301 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8302 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8303 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8304 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8305 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8306 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8307 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8308 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8309 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8310 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8311 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-8312 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9000 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9001 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9002 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9003 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9004 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9005 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9006 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9007 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9008 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9009 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9201 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9203 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9204 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9205 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9206 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9207 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9208 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9209 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9210 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9300 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9301 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9302 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9303 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9304 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9305 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9306 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9307 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9308 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9400 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9401 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9402 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9403 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9404 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9405 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9406 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9407 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9408 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9409 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9410 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9411 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9412 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9413 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9414 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9415 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9416 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9417 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9418 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9419 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9420 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9421 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9422 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9423 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9424 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9425 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9426 |
Zoho ManageEngine ServiceDesk Plus MSP | =10.5-9427 |

Frequently Asked Questions

  • What is the severity of CVE-2021-31159?

    CVE-2021-31159 has been classified as a low severity vulnerability as it allows for user enumeration through improper error-message generation.

  • How do I fix CVE-2021-31159?

    To remediate CVE-2021-31159, it is recommended to upgrade Zoho ManageEngine ServiceDesk Plus MSP to version 10.5-10519 or later.

  • Which versions of Zoho ManageEngine ServiceDesk Plus MSP are affected by CVE-2021-31159?

    CVE-2021-31159 affects Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10.5-10519, including versions 9.4 and earlier.

  • What impact does CVE-2021-31159 have on users?

    CVE-2021-31159 potentially exposes user account information by allowing attackers to determine if specific usernames are registered.

  • Is there a public exploit available for CVE-2021-31159?

    Currently, there are no known public exploits for CVE-2021-31159, but the vulnerability can still be exploited through the user enumeration method.
