|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-07-13 | |
| Rule Name: | Zoho ManageEngine ServiceDesk Plus Command Execution Vulnerability (CVE-2021-20081) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Zoho ManageEngine ServiceDesk Plus (SDP) is a set of IT service management software based on ITIL architecture of Zoho. The software integrates event management, problem management, asset management IT project management, procurement and contract management. Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | https://www.tenable.com/security/research/tra-2021-22 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.tenable.com/security/research/tra-2021-22 |