PT-2021-13759 · Manageengine · Manageengine Servicedesk Plus

Chris Lyne

Published

2021-06-10

Updated

2022-07-12

CVE-2021-20081

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: ManageEngine ServiceDesk Plus versions prior to 11205

Description: The issue allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges due to an incomplete list of disallowed inputs.

Recommendations: For versions prior to 11205, update to version 11205 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-20081

Affected Products

Manageengine Servicedesk Plus

PT-2021-13759 · Manageengine · Manageengine Servicedesk Plus

CVE-2021-20081

Related Identifiers

Affected Products

References · 4