Overview
- Description
- Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Known exploits
Data from CISA
- Vulnerability name
- Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
- Exploit added on
- Dec 1, 2021
- Exploit action due
- Dec 15, 2021
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-306
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11138:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "106A06E5-56E8-41D3-A059-7DA6737DABAE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11139:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "401AEAD2-183D-4E55-94AD-D24A9BE46D61"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11140:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD69D55A-3975-4F1E-8D6F-E0074F83CCBE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11141:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "417D6E6A-C16A-4A76-8D65-31340834233E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11142:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A040A5B-8C2A-4557-AB5E-1427B0F1E889"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11143:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "207A81A8-02EF-4793-B047-46581BF7E60B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11144:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "194BEECD-F877-4D28-A534-E965D69C9EB9"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.1:11145:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EA1D3D0-696F-4FFE-9CDE-B69071FA574E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11200:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D130762-4B49-4089-99A1-FEFD6B76AB8F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDC33E6B-81E2-4A15-8889-2CD709CF5E45"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E08A077E-B1AA-432A-B37A-AA603C8CD1FB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11203:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "69B73464-8627-4CCE-93CE-B312A9D7B35C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11204:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51839FBE-A7E1-40FD-B44B-F9C8CA62E063"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11205:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BE9BFCC-04AB-4053-949C-B2860E7E43B5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11206:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2062399-67EA-4368-9629-60E4A59DDB29"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11207:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9841B62-4C50-4A3A-8B54-BB0AEC8B1AA2"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11208:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D18D25F-2EEF-4AE8-9C1E-183CDC621EC4"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11209:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DEE7D305-0FA5-4126-A585-4FC1162AFA29"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11210:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05376518-DE14-45F7-9B60-F4B4CF7BD7A2"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.2:11211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FB2885F-308D-4AAC-9CD3-53150CC81C1F"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11300:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "188135EF-9821-4325-A34F-AB6F430F5DDC"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC971E05-D69B-4688-861D-3D6357726CB6"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11302:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF31050A-1CB8-48E0-BFFA-4BC89538FEBA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11303:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FB44A07-0D2E-4FA3-8B8B-7C56C204B4BE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11304:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "360C0396-E928-4FCB-BAD3-6246A3BCEE37"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus:11.3:11305:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3287B495-E4CB-4B2F-9ED5-E077AB0CDC11"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "702877AB-4E70-4E11-BBBF-F3B9670C39FB",
"versionEndIncluding": "10.5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10500:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6BA242DB-20DE-4C22-9EEC-E8DF5C2D8260"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10501:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "860EBABC-B252-4C73-97C6-57A67ED94492"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10502:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71E4F529-B091-4565-B024-185174483A70"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10503:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FADCF801-93E0-430B-BD14-092ACE960D05"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10504:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97CD568D-AF18-42E7-8357-9AE2B279BEE0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10505:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EB715EE-313B-4D62-A345-C4F7EB7C3DED"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10506:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B965016B-7584-4661-A8F3-C8EA3DB1E94C"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10507:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCF7199B-A66E-425B-9614-D8256C4C828D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10508:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81F583C7-CB76-430A-A7AC-F3E727E0A26D"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10509:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F33A3E84-F73B-4797-8A97-3F10F77BD631"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10510:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "724284CA-51FE-46E8-B90E-99C53615901B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10511:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8342A66C-4C0B-4FAE-987A-276CE126724B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10512:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39C638A3-C8A1-4C2A-9B8F-39339F5674CE"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10513:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BB0CD9F-5459-44A7-9AD1-A70D3208369B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10514:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7399A6B2-B0F2-4898-AC04-E50B508EA495"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10515:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7793C1AC-38FA-4B31-BB78-004A519DD4A2"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10516:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C30D050-4BDC-46E6-819E-49898AD56BFA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10517:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB7D8E3B-30C3-44C5-90B7-561F4E09830E"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10518:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33960952-4461-4502-A2B5-364E22C96824"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10519:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0089DEEE-7CC5-4AC6-A66C-F22B4E6EF2DA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10520:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD1A9B14-02F0-4674-9032-73778271CACB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10521:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F64234B-85F7-45FE-9308-5C45F95EC4AA"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10522:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EE6A4EB-E22A-4B06-9C2A-BCF1CA20A2BB"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10523:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1758E31C-9AD6-480F-B425-EA7776CDA1F0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10524:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9506206D-1914-4FDD-AD81-5DACC07B6990"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10525:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79283836-E9D6-4C54-9E3D-40FB586B9071"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10526:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AA91D46-40E8-4019-B993-80CFAC548F79"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10527:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DFDE5E2-1F3A-4C1C-9323-0025E87FA4F8"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10528:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8EDCDA56-54A1-4D94-96FD-AD1064E15767"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_servicedesk_plus_msp:10.5:10529:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A3E96BB-0EF9-4DAC-84EB-7496F7293D71"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBD6428C-9132-46B0-849B-DDDFA23B1C2B",
"versionEndIncluding": "11.0"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11000:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D788203D-B169-4C98-B090-B070630750DF"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "846EA6AB-9588-4D9F-AEBD-83B018BE7362"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11002:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDD540F2-C964-40DE-91AB-DE726AAA82A8"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11003:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB196A6F-FBD8-4573-B1B2-BE2B06BD1AC5"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11004:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "685783DB-DD06-4D9C-9E83-63449D5B60D9"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11005:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C371F2CD-A1F8-4EC7-8096-D61DEA337D44"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11006:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B980A72F-53E2-4FC1-AA25-743AE8650641"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11007:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68289AE6-F348-401A-BE49-08889492B23B"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11008:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0667DC3-8315-4F2B-BAB7-D1F1CA476D68"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11009:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34C768E0-FF5B-413D-87B2-9D09F28F95DC"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11010:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5570C5A9-A79B-48CF-B95D-3513F7B9BAF7"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11011:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B77031F5-E097-4549-BF5E-1D0718AB52B9"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11012:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A9C0879-8AE5-4E6E-998C-E79FC418C68A"
},
{
"criteria": "cpe:2.3:a:zohocorp:manageengine_supportcenter_plus:11.0:11013:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F1F21D7-08E8-4637-903B-4277399C0BD7"
}
],
"operator": "OR"
}
]
}
]