What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2021-44675.

What is the severity of CVE-2021-44675?

The severity of CVE-2021-44675 is critical with a CVSS score of 9.8.

What software is affected by CVE-2021-44675?

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is affected by CVE-2021-44675.

Is authentication required for exploitation?

No, authentication is not required for exploitation of CVE-2021-44675.

How do I fix CVE-2021-44675?

To fix CVE-2021-44675, update Zoho ManageEngine ServiceDesk Plus MSP to version 10.5 Build 10534 or later.

Vulnerability/
CVE-2021-44675

critical

9.8

CWE

287

20/12/2021

4/8/2024

CVE-2021-44675

First published: Mon Dec 20 2021(Updated: )

Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	<=10.5
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10500
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10501
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10502
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10503
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10504
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10505
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10506
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10507
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10508
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10509
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10510
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10511
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10512
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10513
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10514
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10515
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10516
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10517
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10518
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10519
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10520
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10521
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10522
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10523
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10524
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10525
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10526
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10527
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10528
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10529
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10530
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10531
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10532
Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus	=10.5-10533

Never miss a vulnerability like this again

Reference Links

https://pitstop.manageengine.com/portal/en/community/topic/security-advisory-authentication-bypass-vulnerabilities-in-servicedesk-plus-msp-that-could-lead-to-remote-code-execution

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-44675.
What is the severity of CVE-2021-44675?
The severity of CVE-2021-44675 is critical with a CVSS score of 9.8.
What software is affected by CVE-2021-44675?
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is affected by CVE-2021-44675.
Is authentication required for exploitation?
No, authentication is not required for exploitation of CVE-2021-44675.
How do I fix CVE-2021-44675?
To fix CVE-2021-44675, update Zoho ManageEngine ServiceDesk Plus MSP to version 10.5 Build 10534 or later.

collector/nvd-index
agent/severity
agent/author
agent/weakness
agent/references
agent/tags
agent/description
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/zohocorp
canonical/zoho manageengine servicedesk plus (sdp) / supportcenter plus
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10500
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10501
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10502
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10503
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10504
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10505
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10506
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10507
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10508
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10509
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10510
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10511
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10512
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10513
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10514
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10515
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10516
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10517
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10518
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10519
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10520
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10521
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10522
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10523
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10524
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10525
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10526
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10527
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10528
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10529
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10530
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10531
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10532
version/zoho manageengine servicedesk plus (sdp) / supportcenter plus/10.5-10533