- Description
- Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Data from CISA
- Vulnerability name
- Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- May 3, 2022
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EAFC388-E113-4972-8B2F-B5E2DE249A7E",
"versionEndExcluding": "10.0.0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97CABEC7-2B76-4B17-B906-1CB2B49515A1"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8254ACB-5C97-4C05-A3DC-E28428DFB3B5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F68FFBD-EFD8-4DC7-BBBF-53C37B58C075"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10002:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EF8D0F-F50E-4C22-8B41-BD2D5F4DBE41"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10003:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "548CAD7B-9738-4764-84F3-8D7EFFB0F7EC"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10004:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01754D60-5592-4193-A2DF-4CE12D30CF24"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10005:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC5B570B-8C33-448C-84D9-BC9D5F9FEACD"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10006:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21DC1DA3-012F-4AF2-B6CA-968E50A503EC"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10007:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DE94B05-7B6A-4912-8590-D9C1791F9B68"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10008:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16C27699-4157-4473-9FB3-01151B3E21F3"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10009:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9AC6EC8-E1CA-4889-8AF8-482649CF2139"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10010:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4186B73E-0E0F-48E1-9A51-B90E228BDA14"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:10.0.0:10011:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CA6C73A-F3DE-469B-9F1E-6B9037F3F6F8"
}
],
"operator": "OR"
}
]
}
]