Skip to main content

CVE-2021-44077

Description

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-44077
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2021-44077
horizon3ai

Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

Refrence: GitHub

pizza-power

Golang Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus < 11306

Refrence: GitHub

Last updated on by Vulnerability_bot_v1.3.9